025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664

Analysis

max time kernel
116s
max time network
20s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe
Size

468KB
MD5

7cfbd586333988e16a90393af0fbf090
SHA1

07021705009561bd7af103738078247643f1e7f9
SHA256

025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664
SHA512

8699290366fb85fff1232e0bc26dcef8eab23f5797298ea461fb0ee15b32c40162662ed691c474d9728ecf7b811aa8926a582c6601ecda2c5660e40df65967ef
SSDEEP

3072:6RgBogBdSS5BtgYtPzpjOf8/ECOtZnpsnbHhYEhupUHMPdSCU3EF:6RSovGBtTPdjOfHpaGpUsVSCU

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2888	Unicorn-19474.exe
2216	Unicorn-50247.exe
1668	Unicorn-40495.exe
2596	Unicorn-10620.exe
2748	Unicorn-1797.exe
2812	Unicorn-46822.exe
2716	Unicorn-7927.exe
2668	Unicorn-64310.exe
2452	Unicorn-56261.exe
2632	Unicorn-17632.exe
2312	Unicorn-34059.exe
1480	Unicorn-10018.exe
2772	Unicorn-29884.exe
2692	Unicorn-10018.exe
2680	Unicorn-1295.exe
2628	Unicorn-10916.exe
1592	Unicorn-44336.exe
2080	Unicorn-40465.exe
2548	Unicorn-1470.exe
1012	Unicorn-52717.exe
2472	Unicorn-52717.exe
2260	Unicorn-21175.exe
1880	Unicorn-23942.exe
968	Unicorn-32873.exe
1316	Unicorn-12260.exe
2492	Unicorn-57932.exe
2440	Unicorn-20520.exe
1976	Unicorn-15010.exe
2920	Unicorn-15275.exe
2400	Unicorn-22929.exe
784	Unicorn-13713.exe
2212	Unicorn-34225.exe
2512	Unicorn-5545.exe
2984	Unicorn-44995.exe
1612	Unicorn-22074.exe
660	Unicorn-27444.exe
1744	Unicorn-10361.exe
2116	Unicorn-59925.exe
1804	Unicorn-59925.exe
2820	Unicorn-58000.exe
2844	Unicorn-44165.exe
2832	Unicorn-59946.exe
2852	Unicorn-39888.exe
2076	Unicorn-59754.exe
2636	Unicorn-27658.exe
2584	Unicorn-27393.exe
2640	Unicorn-17906.exe
1516	Unicorn-60330.exe
1096	Unicorn-64476.exe
1052	Unicorn-49266.exe
1328	Unicorn-18805.exe
1092	Unicorn-55561.exe
1984	Unicorn-30095.exe
2084	Unicorn-16667.exe
2364	Unicorn-39125.exe
1100	Unicorn-42301.exe
2960	Unicorn-62167.exe
2428	Unicorn-49815.exe
2060	Unicorn-43693.exe
2272	Unicorn-35333.exe
536	Unicorn-63921.exe
924	Unicorn-19551.exe
2996	Unicorn-1653.exe
1376	Unicorn-43315.exe

Loads dropped DLL 64 IoCs

pid	Process
1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe
1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe
2888	Unicorn-19474.exe
2888	Unicorn-19474.exe
1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe
1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe
1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe
2888	Unicorn-19474.exe
1668	Unicorn-40495.exe
2216	Unicorn-50247.exe
2888	Unicorn-19474.exe
1668	Unicorn-40495.exe
1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe
2216	Unicorn-50247.exe
2748	Unicorn-1797.exe
2748	Unicorn-1797.exe
1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe
2596	Unicorn-10620.exe
1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe
2596	Unicorn-10620.exe
2888	Unicorn-19474.exe
2888	Unicorn-19474.exe
1668	Unicorn-40495.exe
2812	Unicorn-46822.exe
1668	Unicorn-40495.exe
2812	Unicorn-46822.exe
2216	Unicorn-50247.exe
2216	Unicorn-50247.exe
2716	Unicorn-7927.exe
2716	Unicorn-7927.exe
2668	Unicorn-64310.exe
2668	Unicorn-64310.exe
2748	Unicorn-1797.exe
2748	Unicorn-1797.exe
2692	Unicorn-10018.exe
2692	Unicorn-10018.exe
2216	Unicorn-50247.exe
2216	Unicorn-50247.exe
2632	Unicorn-17632.exe
2452	Unicorn-56261.exe
2632	Unicorn-17632.exe
2452	Unicorn-56261.exe
2596	Unicorn-10620.exe
2596	Unicorn-10620.exe
1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe
1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe
2772	Unicorn-29884.exe
2772	Unicorn-29884.exe
2812	Unicorn-46822.exe
1480	Unicorn-10018.exe
2812	Unicorn-46822.exe
1480	Unicorn-10018.exe
1668	Unicorn-40495.exe
1668	Unicorn-40495.exe
2888	Unicorn-19474.exe
2888	Unicorn-19474.exe
2680	Unicorn-1295.exe
2680	Unicorn-1295.exe
2716	Unicorn-7927.exe
2716	Unicorn-7927.exe
1592	Unicorn-44336.exe
1592	Unicorn-44336.exe
2748	Unicorn-1797.exe
2748	Unicorn-1797.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34868.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe
2888	Unicorn-19474.exe
2216	Unicorn-50247.exe
1668	Unicorn-40495.exe
2748	Unicorn-1797.exe
2596	Unicorn-10620.exe
2716	Unicorn-7927.exe
2812	Unicorn-46822.exe
2668	Unicorn-64310.exe
2452	Unicorn-56261.exe
2312	Unicorn-34059.exe
2632	Unicorn-17632.exe
2692	Unicorn-10018.exe
1480	Unicorn-10018.exe
2772	Unicorn-29884.exe
2680	Unicorn-1295.exe
1592	Unicorn-44336.exe
2628	Unicorn-10916.exe
2080	Unicorn-40465.exe
1012	Unicorn-52717.exe
2548	Unicorn-1470.exe
2472	Unicorn-52717.exe
2260	Unicorn-21175.exe
1880	Unicorn-23942.exe
968	Unicorn-32873.exe
1316	Unicorn-12260.exe
2440	Unicorn-20520.exe
1976	Unicorn-15010.exe
2920	Unicorn-15275.exe
2492	Unicorn-57932.exe
2400	Unicorn-22929.exe
784	Unicorn-13713.exe
2984	Unicorn-44995.exe
2212	Unicorn-34225.exe
2512	Unicorn-5545.exe
1612	Unicorn-22074.exe
660	Unicorn-27444.exe
1744	Unicorn-10361.exe
2116	Unicorn-59925.exe
1804	Unicorn-59925.exe
2820	Unicorn-58000.exe
2844	Unicorn-44165.exe
2832	Unicorn-59946.exe
2584	Unicorn-27393.exe
2076	Unicorn-59754.exe
2852	Unicorn-39888.exe
2636	Unicorn-27658.exe
1516	Unicorn-60330.exe
2640	Unicorn-17906.exe
1052	Unicorn-49266.exe
2084	Unicorn-16667.exe
1092	Unicorn-55561.exe
1984	Unicorn-30095.exe
1096	Unicorn-64476.exe
1328	Unicorn-18805.exe
2364	Unicorn-39125.exe
1100	Unicorn-42301.exe
2960	Unicorn-62167.exe
2428	Unicorn-49815.exe
2060	Unicorn-43693.exe
536	Unicorn-63921.exe
2272	Unicorn-35333.exe
924	Unicorn-19551.exe
1376	Unicorn-43315.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 2888	1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe	29
PID 1140 wrote to memory of 2888	1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe	29
PID 1140 wrote to memory of 2888	1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe	29
PID 1140 wrote to memory of 2888	1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe	29
PID 2888 wrote to memory of 2216	2888	Unicorn-19474.exe	30
PID 2888 wrote to memory of 2216	2888	Unicorn-19474.exe	30
PID 2888 wrote to memory of 2216	2888	Unicorn-19474.exe	30
PID 2888 wrote to memory of 2216	2888	Unicorn-19474.exe	30
PID 1140 wrote to memory of 1668	1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe	31
PID 1140 wrote to memory of 1668	1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe	31
PID 1140 wrote to memory of 1668	1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe	31
PID 1140 wrote to memory of 1668	1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe	31
PID 2888 wrote to memory of 2596	2888	Unicorn-19474.exe	35
PID 2888 wrote to memory of 2596	2888	Unicorn-19474.exe	35
PID 2888 wrote to memory of 2596	2888	Unicorn-19474.exe	35
PID 2888 wrote to memory of 2596	2888	Unicorn-19474.exe	35
PID 1668 wrote to memory of 2812	1668	Unicorn-40495.exe	32
PID 1668 wrote to memory of 2812	1668	Unicorn-40495.exe	32
PID 1668 wrote to memory of 2812	1668	Unicorn-40495.exe	32
PID 1668 wrote to memory of 2812	1668	Unicorn-40495.exe	32
PID 1140 wrote to memory of 2748	1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe	33
PID 1140 wrote to memory of 2748	1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe	33
PID 1140 wrote to memory of 2748	1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe	33
PID 1140 wrote to memory of 2748	1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe	33
PID 2216 wrote to memory of 2716	2216	Unicorn-50247.exe	34
PID 2216 wrote to memory of 2716	2216	Unicorn-50247.exe	34
PID 2216 wrote to memory of 2716	2216	Unicorn-50247.exe	34
PID 2216 wrote to memory of 2716	2216	Unicorn-50247.exe	34
PID 2748 wrote to memory of 2668	2748	Unicorn-1797.exe	36
PID 2748 wrote to memory of 2668	2748	Unicorn-1797.exe	36
PID 2748 wrote to memory of 2668	2748	Unicorn-1797.exe	36
PID 2748 wrote to memory of 2668	2748	Unicorn-1797.exe	36
PID 1140 wrote to memory of 2452	1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe	37
PID 1140 wrote to memory of 2452	1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe	37
PID 1140 wrote to memory of 2452	1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe	37
PID 1140 wrote to memory of 2452	1140	025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe	37
PID 2596 wrote to memory of 2632	2596	Unicorn-10620.exe	38
PID 2596 wrote to memory of 2632	2596	Unicorn-10620.exe	38
PID 2596 wrote to memory of 2632	2596	Unicorn-10620.exe	38
PID 2596 wrote to memory of 2632	2596	Unicorn-10620.exe	38
PID 2888 wrote to memory of 2312	2888	Unicorn-19474.exe	39
PID 2888 wrote to memory of 2312	2888	Unicorn-19474.exe	39
PID 2888 wrote to memory of 2312	2888	Unicorn-19474.exe	39
PID 2888 wrote to memory of 2312	2888	Unicorn-19474.exe	39
PID 1668 wrote to memory of 1480	1668	Unicorn-40495.exe	40
PID 1668 wrote to memory of 1480	1668	Unicorn-40495.exe	40
PID 1668 wrote to memory of 1480	1668	Unicorn-40495.exe	40
PID 1668 wrote to memory of 1480	1668	Unicorn-40495.exe	40
PID 2812 wrote to memory of 2772	2812	Unicorn-46822.exe	41
PID 2812 wrote to memory of 2772	2812	Unicorn-46822.exe	41
PID 2812 wrote to memory of 2772	2812	Unicorn-46822.exe	41
PID 2812 wrote to memory of 2772	2812	Unicorn-46822.exe	41
PID 2216 wrote to memory of 2692	2216	Unicorn-50247.exe	42
PID 2216 wrote to memory of 2692	2216	Unicorn-50247.exe	42
PID 2216 wrote to memory of 2692	2216	Unicorn-50247.exe	42
PID 2216 wrote to memory of 2692	2216	Unicorn-50247.exe	42
PID 2716 wrote to memory of 2680	2716	Unicorn-7927.exe	43
PID 2716 wrote to memory of 2680	2716	Unicorn-7927.exe	43
PID 2716 wrote to memory of 2680	2716	Unicorn-7927.exe	43
PID 2716 wrote to memory of 2680	2716	Unicorn-7927.exe	43
PID 2668 wrote to memory of 2628	2668	Unicorn-64310.exe	44
PID 2668 wrote to memory of 2628	2668	Unicorn-64310.exe	44
PID 2668 wrote to memory of 2628	2668	Unicorn-64310.exe	44
PID 2668 wrote to memory of 2628	2668	Unicorn-64310.exe	44

C:\Users\Admin\AppData\Local\Temp\025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe
"C:\Users\Admin\AppData\Local\Temp\025c2c7b6152ac3d599c1d4d66a30f0452baf20ae9f035560357d0afeffe4664N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7927.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40967.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13106.exe
        8⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        8⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        8⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6976.exe
        7⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35587.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        7⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44165.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51397.exe
        7⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6976.exe
        6⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        6⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65064.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54590.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
        6⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
        7⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        7⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        7⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        6⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
        6⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        6⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24973.exe
        6⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49815.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
        5⤵
        
        PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25214.exe
        5⤵
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49763.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        5⤵
        
        PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10018.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3999.exe
        8⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33639.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        7⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
        7⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30092.exe
        7⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
        7⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42301.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34918.exe
        7⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46184.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34952.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23347.exe
        7⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        6⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53101.exe
        6⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13106.exe
        6⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        6⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
        6⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
        6⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6976.exe
        5⤵
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35587.exe
        5⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21611.exe
        5⤵
        
        PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        5⤵
        
        PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1470.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe
        6⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50853.exe
        5⤵
        
        PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
        5⤵
        
        PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        5⤵
        
        PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
        5⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17757.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
        6⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
        6⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19974.exe
        5⤵
        
        PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
      4⤵
      PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8679.exe
      4⤵
      PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
      4⤵
      PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10620.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17632.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
        7⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45608.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
        7⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7979.exe
        6⤵
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
        6⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
        6⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17906.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        6⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42266.exe
        7⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
        7⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
        7⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31663.exe
        6⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        6⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49064.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19974.exe
        6⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53188.exe
        5⤵
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51264.exe
        5⤵
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25617.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
        5⤵
        
        PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5836.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52738.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44953.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10972.exe
        5⤵
        
        PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65064.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        5⤵
        
        PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
      4⤵
      PID:456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56718.exe
      4⤵
      PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21789.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
      4⤵
      PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
      4⤵
      PID:3800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37269.exe
        5⤵
        
        PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
        5⤵
        
        PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
      4⤵
      PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
      4⤵
      PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
      4⤵
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
      4⤵
      PID:4424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43693.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24637.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
        5⤵
        
        PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
      4⤵
      PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9427.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
      4⤵
      PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
      4⤵
      PID:4432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43315.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37080.exe
    3⤵
    PID:2344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
    3⤵
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
    3⤵
    PID:3456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
    3⤵
    PID:1464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
    3⤵
    PID:4520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40495.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40495.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32873.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58778.exe
        6⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29721.exe
        6⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe
        6⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        6⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
        5⤵
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        5⤵
        
        PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55561.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13106.exe
        6⤵
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        6⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
        6⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        6⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
        5⤵
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33613.exe
        5⤵
        
        PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        5⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39125.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45772.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49695.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
      4⤵
      PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
      4⤵
      PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
      4⤵
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
      4⤵
      PID:4832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10018.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12260.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56795.exe
        5⤵
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30092.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        5⤵
        
        PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        5⤵
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
        5⤵
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
        5⤵
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        5⤵
        
        PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49017.exe
      4⤵
      PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51421.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
      4⤵
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
      4⤵
      PID:4204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59754.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36136.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
      4⤵
      PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
      4⤵
      PID:4696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27393.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35274.exe
    3⤵
    PID:2356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7569.exe
    3⤵
    PID:3500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1797.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1797.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2845.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37117.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24589.exe
        7⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9427.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        7⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
        6⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63673.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19551.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16469.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27773.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
        6⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
        5⤵
        
        PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
        5⤵
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37117.exe
        5⤵
        
        PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28673.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30092.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
        5⤵
        
        PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
      4⤵
      PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
      4⤵
      PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
      4⤵
      PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7569.exe
      4⤵
      PID:3948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44336.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13713.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
        6⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10972.exe
        6⤵
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6801.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38068.exe
        6⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        6⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
        5⤵
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37611.exe
        5⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17802.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10174.exe
        5⤵
        
        PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25689.exe
      4⤵
      PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
      4⤵
      PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7569.exe
      4⤵
      PID:3860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49012.exe
      4⤵
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13106.exe
        5⤵
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        5⤵
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        5⤵
        
        PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58778.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29721.exe
      4⤵
      PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
      4⤵
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
      4⤵
      PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
      4⤵
      PID:4672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
    3⤵
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
      4⤵
      PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
      4⤵
      PID:4264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
    3⤵
    PID:3696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
    3⤵
    PID:3776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
    3⤵
    PID:4108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe
        5⤵
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
        5⤵
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        5⤵
        
        PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
      4⤵
      PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
      4⤵
      PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe
      4⤵
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
      4⤵
      PID:4764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
      4⤵
      PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10972.exe
      4⤵
      PID:848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
      4⤵
      PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
      4⤵
      PID:4356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
    3⤵
    PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
    3⤵
    PID:3032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
    3⤵
    PID:3640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
    3⤵
    PID:3496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
    3⤵
    PID:4100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59130.exe
    3⤵
    PID:1204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13557.exe
    3⤵
    PID:3112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
    3⤵
    PID:4220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
    3⤵
    PID:4504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54146.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54146.exe
  2⤵
  PID:3060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24634.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24634.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9237.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9237.exe
  2⤵
  PID:3608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
  2⤵
  PID:3968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
  2⤵
  PID:4556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe

Filesize
468KB

MD5
2a54c990b689c24239b6af76c28fdaa1

SHA1
3cfe974d3ca10ced9ea825b2102ebb811e669604

SHA256
870e9e3147469cfc87ce575b5abba7dfb86212a0fa93ab3aa7abd6b417bc7394

SHA512
0c5517b01d0b5af0f98560a9754389d732902c98a4406c09907b3b3e1ab06dc0478cc6bcffa844be08243ee0631bac3892e03d8d50be5f2c28de276592f31c40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe

Filesize
468KB

MD5
ee97d751b5051963bc74604694794419

SHA1
1d4cd50e76c1018f3e4805b77e38b4ed0ee82a5b

SHA256
201467001b4a7c64f1dfbf6f8c598861364e1158bc2d44bb03ffa22bff09c3af

SHA512
e5d4005e3a56b7c796a67fee960ef3ebaa1fc77c70a0c62b8f9a9b9b647d333c4294d6e0a71431ac017506f4c0570942bd1bd44dc6c99d07305cd55f0c03375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe

Filesize
468KB

MD5
514317684ee4c44a7458a3b4f8851cda

SHA1
4471a1d46ce79a903bfd31b1789cb716aa309453

SHA256
62754c9d4a6b65ba66b4bec6ebdd67e2fa3d83f19f8a8aaf55f1da887b446fd8

SHA512
d570c2bb1d36409f3532a3788b629c3a1d839b90468a3d94fa5f7c002c89e5c306e80f259d3f934285b93a55dbdf7799234ee187c8f9443f7965de8bf5d5b582

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe

Filesize
468KB

MD5
b6c170cc7483049726e8292c128a2e86

SHA1
9ea97b9754a5de8197228dce25214b8f78430fb0

SHA256
e50dbb6271f762565aad4650c2072862714fa935d210f8984521c325ece4b1e7

SHA512
952933e965773929e9f0caee58dc7415b3f656f0b395abb4e105a98cd5421fb435e420f7372fc81f792afd5591128ca7124b524e4cd66a13364c4165d4702f20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7927.exe

Filesize
468KB

MD5
ee2a524ad13ff3ca3c718890a1da13fc

SHA1
2a7110906f7cf39c04562e07ac1f508c5238334e

SHA256
f1269e54e54c7dfe427e6967f7eb16491a2a88f904f3ffdbe25b1b88014501e0

SHA512
add1cfe1daa5d8489408b4c4677b6e550613d2190520645ff131316f66428dbade90899212cb9b7835d13089e550ada5ff98780dc7db1c0e60b0ec654b8a4e3a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10018.exe

Filesize
468KB

MD5
b85a008e6e1a7c6fe8a847f91ca0c3f8

SHA1
2604f8e0debb2f04667d99e504589ed6d04224bc

SHA256
229897c459858f8b9d235cc345289745c4a9b8f0548e60bfdc55f6b7934ffccc

SHA512
11ae79cfecac244be6a9fb7c1b656a66b66407fc7cec99acf27dbe9d7f105a198adcc7786053b0657a2b70ea8be8db5f4cc567fd7420f822d9dfebdb2f3c004f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10620.exe

Filesize
468KB

MD5
521e619ee036c659d20547242de7c044

SHA1
31ebd9633b2faed2adbcb90f07c5a35f44eceb97

SHA256
001c7366fc0a713fbb06ab0336dfa7e5788578f34c10e036a822da0aa00a2548

SHA512
4a7124293467e1601180fb0026e7c69f7c520492eff7fb0f18867674238a0d2d091bb3c21d096824dd9d356fe2523b82bb511614eafba7dd1cd7cc1f7445dbed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe

Filesize
468KB

MD5
840375a13a9eea53f9f3026fb17df23f

SHA1
69446442d4ea3d8167b56e690fd274d46ebdb44a

SHA256
514f793d4ac746a8457ecb2c8a44f99fcc2c212e59c09a535b908a00eb95be7c

SHA512
9ed3df7d85c4f857be6989c1e0e4f0f05a50e07a5f404dbe3ae02ec8cfc2f2429c09935477715fdfc81de9d58251bd576ff941a73679e647c9959eb9200c9fe3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe

Filesize
468KB

MD5
4fc8edd4bb7f84a8d2960d2cae78ade8

SHA1
70058e7c2b8affea256137e3dda8fec49b7deb75

SHA256
a73d4cbde8f0df8c56b1e7fb2e6ccdb3898e3f6c2f01f76d17998a47a61e3dbb

SHA512
b84293c15f14c112b3e1e67b631155dd14b2f15ac477651326242b9574d2f016559ad59c12423155944d5f6ade5a85591d36ca2915a3ea454cfe46e720331eb3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1470.exe

Filesize
468KB

MD5
9f19319ee2f5416e1cf5386f5c34e09a

SHA1
447ffb87ce03c40c36fd1681bc9e3d64b1e91767

SHA256
c9b5c7d606948bedc4019bcccd322dc6ffc952c344940d526ab65b4b70f0d79d

SHA512
30ea163ec770e41b81d1bfe5e3973afc8a2c0602bd33c148cde1a0cb48b2851ae7b746124835c00226f05cb843c3834518ebf43cca61e28f54a1a4f4185cd9f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17632.exe

Filesize
468KB

MD5
b5353227b723596420d9ce530fe41fd1

SHA1
f9a617313f080de615ba05fe063d72c1dd51a306

SHA256
5d38f57a7212a9e713ebd33822caeee09cf466b62ec82c3fc4bda050d129fb2e

SHA512
de1937a31717696b1dde43fdcb48730d907d25e4e669e7dfa68dc09f4599638ddbd787b64360defcc7eaac17e4d71a86efbc041f5722aaf552e63aa004e44205

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1797.exe

Filesize
468KB

MD5
27070be253e3704720505145f30f3c13

SHA1
de16f0698d1787f24285e326b5dc4fa94cb23f9a

SHA256
3559279244c98b1a96de7f66fa454c19141aa08a613c3198fd7e671440ba94fa

SHA512
7ea4b30a97615d4854c6912dc69d6a516405f7a6af103c19fff00bb1e1836c822723ac1fe1d9f5daef236b4ec4168c707e3d794e711a0f0d6514468d11207b11

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe

Filesize
468KB

MD5
276b6b130331bc7a159f4da3b71de605

SHA1
d5b95cd9257313a1fc0dd86d0400e08595466f8a

SHA256
22a11dbbc29426621eda84058cdb6f7e65693d050eb2d2bb8144044215ff3ef4

SHA512
14f076eea345b71c383682336218b734d3c5b40d0cf05f1c0ec56c8d5889e407c246cf80953bdcad80ec838bb65202ec75db3bc8ee6b248b9bb887bbdccd6ca4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe

Filesize
468KB

MD5
b3748e12132f973badf7263c1b732862

SHA1
3e79eaebec225e75df4ef42137b1ce7f6c94de09

SHA256
223564d1b2117b14afc55c70dd423b6e54bf363a7022dc3126ac510a465b2cfa

SHA512
1d679da30f6c5dea1b8ce55771baafed8bd64e00de44f3bb40b05ebcb7bf3fdbf0ded647e650cb2528994ad0248b3c0de6c4c8ed6ea4729d291a0b1fe1f19dfc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe

Filesize
468KB

MD5
8e972faaa2ea6a4fff3b8a0aff5a680a

SHA1
c818ea12224ee63c0b25b30868b455b57c172f47

SHA256
cc89bbe89078bd2d4b927f09d9c6856bea93dd1dbd89ba5bd1330fd3df2ad98b

SHA512
2f2154ae343aca2fa8b9f0fcb653887f1a069fba8329039f1ce0786e77e4723c6ca5edd72deb29b0d7a0ac30cbafc1bb525bcee2bb2fd8d32466c0153bc83eea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe

Filesize
468KB

MD5
2f40038ca9f76d16225e0f3bd2763793

SHA1
ef07b1d82f3ee395f10c38367bd0c07894335547

SHA256
37e36bf679ae2419cac0b1c2940986168cdefdfbb56356ff2dffcf4d022dcb18

SHA512
c9db35f9e99bd7af567961f87d6d8d4fbec26f0c5d50dd06a702dd84adfa6fb91bb612a4478858c0df50f5eafbd900963917b8d225fb69a2d8c58f56286abadb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40495.exe

Filesize
468KB

MD5
93dd8f4df2b1e9b922498f54be67db1c

SHA1
f249ba5bfb520011503ffc5c65c46e8cbc30566f

SHA256
bc665de792420f372dc56d1787ca74546939f2788698c0b9360bd3620ab709c9

SHA512
89aa573ba9c0ad119093e5624b5cb6bd3ac3e3556fc549310f14d87e203d66da0b18ab1abeff2ca492b2141d602f37e9385eb349eb2571261aff2a77e3aa0802

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44336.exe

Filesize
468KB

MD5
c69daa21193660c0682bdc4a2373f085

SHA1
1c0443ce9367c90e1b4416e9597185014f6be707

SHA256
fc389fb98530786c60e6ab4306a967351bd7263285d11aad528bc7ed352e4d15

SHA512
912483ca52c816ffa483baec5c1df88852307d1969c0c68b6f348777182d77e02a4e7904d89f42b9f93afd41eb8efb2e721e58bea05a2f75e7921f81ef3fc28c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe

Filesize
468KB

MD5
e602d6e50db410f4c6b97b8f057543b2

SHA1
048d925d7ea00d5e2b895e1c9128411905fb2875

SHA256
526e8d6e37170f191d5fc9da1c7099bf4c6b738167eec67be60c9959a7f3a1d1

SHA512
b9c69fcd86f6f8bf5e9d625be438c79c499805eebcf104c6ec66375e79e2f924d73f67ccc7f7f5aed24bd79bf7ea3378a458acedb94e7e9cdc2e6622cc7ac7a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe

Filesize
468KB

MD5
2ec5fe66160776e043091a9d206e35e1

SHA1
f3b6a545f023cdd92cf7e881bc78aad56c99a8e3

SHA256
1e7fbaf408670107b69fdfb09b914a11c72898f1f20520cf795b5ae2340feab6

SHA512
36f30d94029e30e846d4655efa5971a485d59e08f4688ac1d749a554b926da37f44778564dc900b8531e1ddea1179d13bfdef2b94c4babcf0a6370629685a607

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe

Filesize
468KB

MD5
4ec2bd07a2dc8f51acaa81700bed6277

SHA1
5361a6f4bc0428af32a0af20e5e6e2251b15a1a9

SHA256
6430751dacf8779b860c578c3732094c73e8cb150af38808c2d5c2e643dd1b91

SHA512
6193da752af9f46dbe10853dc05b38b05e7a62904d75a368a26ffca0d646818fbf32f89120245c0ed6b2bee448d52b94473a1e8b5c71be36ac6a3cadb1a43f05

Download Submit