e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791e

Analysis

max time kernel
120s
max time network
20s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe
Size

468KB
MD5

9c13276901f9edca826647fb735b27f0
SHA1

a4af3d2cc2d7734768f27f510568a5c1fa43dda4
SHA256

e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791e
SHA512

b02baafb8647a4dc8697d6eb8e4f466c0fa022fcc28ab5ff5c5b0a33fc5648ab63393e236f26c5be2ad7a6c06259345dcdf08576f45ac38578fcef9e00a9600d
SSDEEP

3072:WldSogdEIc5A8bYGofjcff8wAaJBHpnLJEHCgdSD1ZwIhDGDCAfB:WlUoE0A85orcffnBx31Z51GDC

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1160	Unicorn-63897.exe
2080	Unicorn-61842.exe
2200	Unicorn-3082.exe
2264	Unicorn-23908.exe
2812	Unicorn-50550.exe
2940	Unicorn-38852.exe
2576	Unicorn-36828.exe
952	Unicorn-6284.exe
1640	Unicorn-37373.exe
2104	Unicorn-16207.exe
1700	Unicorn-61899.exe
1272	Unicorn-55769.exe
2896	Unicorn-61634.exe
1864	Unicorn-42033.exe
2928	Unicorn-61899.exe
908	Unicorn-6331.exe
1556	Unicorn-4748.exe
2392	Unicorn-57286.exe
1316	Unicorn-16729.exe
1828	Unicorn-23436.exe
1612	Unicorn-5516.exe
844	Unicorn-25382.exe
1852	Unicorn-39507.exe
1052	Unicorn-28074.exe
1268	Unicorn-62138.exe
1292	Unicorn-4861.exe
2860	Unicorn-44432.exe
1568	Unicorn-44432.exe
1784	Unicorn-24566.exe
1684	Unicorn-39586.exe
1104	Unicorn-40732.exe
2088	Unicorn-5821.exe
628	Unicorn-11951.exe
888	Unicorn-64167.exe
2216	Unicorn-41094.exe
1600	Unicorn-52278.exe
2372	Unicorn-2522.exe
2772	Unicorn-23446.exe
2380	Unicorn-56383.exe
2740	Unicorn-1515.exe
1844	Unicorn-38463.exe
2692	Unicorn-37717.exe
2620	Unicorn-47208.exe
2700	Unicorn-5428.exe
3068	Unicorn-36709.exe
2556	Unicorn-8042.exe
3060	Unicorn-32647.exe
2944	Unicorn-32647.exe
3056	Unicorn-39853.exe
980	Unicorn-10451.exe
2284	Unicorn-45283.exe
2872	Unicorn-13602.exe
2436	Unicorn-22267.exe
1780	Unicorn-24671.exe
1516	Unicorn-44276.exe
1912	Unicorn-54904.exe
2184	Unicorn-36792.exe
2352	Unicorn-50528.exe
2120	Unicorn-56658.exe
2176	Unicorn-56658.exe
3012	Unicorn-56658.exe
1456	Unicorn-43590.exe
3016	Unicorn-55188.exe
2192	Unicorn-41452.exe

Loads dropped DLL 64 IoCs

pid	Process
904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe
904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe
904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe
1160	Unicorn-63897.exe
1160	Unicorn-63897.exe
904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe
2080	Unicorn-61842.exe
2200	Unicorn-3082.exe
2080	Unicorn-61842.exe
2200	Unicorn-3082.exe
1160	Unicorn-63897.exe
1160	Unicorn-63897.exe
904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe
904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe
2264	Unicorn-23908.exe
2264	Unicorn-23908.exe
2200	Unicorn-3082.exe
2200	Unicorn-3082.exe
2576	Unicorn-36828.exe
2576	Unicorn-36828.exe
2940	Unicorn-38852.exe
904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe
2940	Unicorn-38852.exe
1160	Unicorn-63897.exe
904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe
1160	Unicorn-63897.exe
2812	Unicorn-50550.exe
2080	Unicorn-61842.exe
2080	Unicorn-61842.exe
2812	Unicorn-50550.exe
952	Unicorn-6284.exe
952	Unicorn-6284.exe
2264	Unicorn-23908.exe
2264	Unicorn-23908.exe
1640	Unicorn-37373.exe
1640	Unicorn-37373.exe
2200	Unicorn-3082.exe
2200	Unicorn-3082.exe
2104	Unicorn-16207.exe
2104	Unicorn-16207.exe
2576	Unicorn-36828.exe
2928	Unicorn-61899.exe
2576	Unicorn-36828.exe
2928	Unicorn-61899.exe
1160	Unicorn-63897.exe
1160	Unicorn-63897.exe
2812	Unicorn-50550.exe
2812	Unicorn-50550.exe
1864	Unicorn-42033.exe
1864	Unicorn-42033.exe
2080	Unicorn-61842.exe
2080	Unicorn-61842.exe
2896	Unicorn-61634.exe
1700	Unicorn-61899.exe
2940	Unicorn-38852.exe
1700	Unicorn-61899.exe
2940	Unicorn-38852.exe
2896	Unicorn-61634.exe
904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe
904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe
1556	Unicorn-4748.exe
1556	Unicorn-4748.exe
2264	Unicorn-23908.exe
908	Unicorn-6331.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12029.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58471.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45192.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe
1160	Unicorn-63897.exe
2080	Unicorn-61842.exe
2200	Unicorn-3082.exe
2264	Unicorn-23908.exe
2812	Unicorn-50550.exe
2940	Unicorn-38852.exe
2576	Unicorn-36828.exe
952	Unicorn-6284.exe
1640	Unicorn-37373.exe
2104	Unicorn-16207.exe
1272	Unicorn-55769.exe
1864	Unicorn-42033.exe
2896	Unicorn-61634.exe
2928	Unicorn-61899.exe
1700	Unicorn-61899.exe
1556	Unicorn-4748.exe
908	Unicorn-6331.exe
2392	Unicorn-57286.exe
1316	Unicorn-16729.exe
1828	Unicorn-23436.exe
1612	Unicorn-5516.exe
844	Unicorn-25382.exe
1852	Unicorn-39507.exe
1268	Unicorn-62138.exe
1784	Unicorn-24566.exe
1568	Unicorn-44432.exe
2860	Unicorn-44432.exe
1052	Unicorn-28074.exe
1292	Unicorn-4861.exe
1684	Unicorn-39586.exe
1104	Unicorn-40732.exe
628	Unicorn-11951.exe
2216	Unicorn-41094.exe
2088	Unicorn-5821.exe
888	Unicorn-64167.exe
1600	Unicorn-52278.exe
2372	Unicorn-2522.exe
2772	Unicorn-23446.exe
2380	Unicorn-56383.exe
2740	Unicorn-1515.exe
1844	Unicorn-38463.exe
2692	Unicorn-37717.exe
2620	Unicorn-47208.exe
2700	Unicorn-5428.exe
3068	Unicorn-36709.exe
2556	Unicorn-8042.exe
3056	Unicorn-39853.exe
3060	Unicorn-32647.exe
2944	Unicorn-32647.exe
980	Unicorn-10451.exe
2284	Unicorn-45283.exe
2872	Unicorn-13602.exe
1780	Unicorn-24671.exe
2436	Unicorn-22267.exe
1516	Unicorn-44276.exe
1912	Unicorn-54904.exe
2184	Unicorn-36792.exe
2352	Unicorn-50528.exe
2176	Unicorn-56658.exe
2120	Unicorn-56658.exe
3012	Unicorn-56658.exe
1456	Unicorn-43590.exe
3016	Unicorn-55188.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1160	904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe	29
PID 904 wrote to memory of 1160	904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe	29
PID 904 wrote to memory of 1160	904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe	29
PID 904 wrote to memory of 1160	904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe	29
PID 1160 wrote to memory of 2080	1160	Unicorn-63897.exe	30
PID 1160 wrote to memory of 2080	1160	Unicorn-63897.exe	30
PID 1160 wrote to memory of 2080	1160	Unicorn-63897.exe	30
PID 1160 wrote to memory of 2080	1160	Unicorn-63897.exe	30
PID 904 wrote to memory of 2200	904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe	31
PID 904 wrote to memory of 2200	904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe	31
PID 904 wrote to memory of 2200	904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe	31
PID 904 wrote to memory of 2200	904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe	31
PID 2080 wrote to memory of 2812	2080	Unicorn-61842.exe	32
PID 2080 wrote to memory of 2812	2080	Unicorn-61842.exe	32
PID 2080 wrote to memory of 2812	2080	Unicorn-61842.exe	32
PID 2080 wrote to memory of 2812	2080	Unicorn-61842.exe	32
PID 2200 wrote to memory of 2264	2200	Unicorn-3082.exe	33
PID 2200 wrote to memory of 2264	2200	Unicorn-3082.exe	33
PID 2200 wrote to memory of 2264	2200	Unicorn-3082.exe	33
PID 2200 wrote to memory of 2264	2200	Unicorn-3082.exe	33
PID 1160 wrote to memory of 2940	1160	Unicorn-63897.exe	34
PID 1160 wrote to memory of 2940	1160	Unicorn-63897.exe	34
PID 1160 wrote to memory of 2940	1160	Unicorn-63897.exe	34
PID 1160 wrote to memory of 2940	1160	Unicorn-63897.exe	34
PID 904 wrote to memory of 2576	904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe	35
PID 904 wrote to memory of 2576	904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe	35
PID 904 wrote to memory of 2576	904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe	35
PID 904 wrote to memory of 2576	904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe	35
PID 2264 wrote to memory of 952	2264	Unicorn-23908.exe	36
PID 2264 wrote to memory of 952	2264	Unicorn-23908.exe	36
PID 2264 wrote to memory of 952	2264	Unicorn-23908.exe	36
PID 2264 wrote to memory of 952	2264	Unicorn-23908.exe	36
PID 2200 wrote to memory of 1640	2200	Unicorn-3082.exe	37
PID 2200 wrote to memory of 1640	2200	Unicorn-3082.exe	37
PID 2200 wrote to memory of 1640	2200	Unicorn-3082.exe	37
PID 2200 wrote to memory of 1640	2200	Unicorn-3082.exe	37
PID 2576 wrote to memory of 2104	2576	Unicorn-36828.exe	38
PID 2576 wrote to memory of 2104	2576	Unicorn-36828.exe	38
PID 2576 wrote to memory of 2104	2576	Unicorn-36828.exe	38
PID 2576 wrote to memory of 2104	2576	Unicorn-36828.exe	38
PID 2940 wrote to memory of 1700	2940	Unicorn-38852.exe	39
PID 2940 wrote to memory of 1700	2940	Unicorn-38852.exe	39
PID 2940 wrote to memory of 1700	2940	Unicorn-38852.exe	39
PID 2940 wrote to memory of 1700	2940	Unicorn-38852.exe	39
PID 904 wrote to memory of 2896	904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe	40
PID 904 wrote to memory of 2896	904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe	40
PID 904 wrote to memory of 2896	904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe	40
PID 904 wrote to memory of 2896	904	e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe	40
PID 1160 wrote to memory of 1272	1160	Unicorn-63897.exe	41
PID 1160 wrote to memory of 1272	1160	Unicorn-63897.exe	41
PID 1160 wrote to memory of 1272	1160	Unicorn-63897.exe	41
PID 1160 wrote to memory of 1272	1160	Unicorn-63897.exe	41
PID 2080 wrote to memory of 1864	2080	Unicorn-61842.exe	43
PID 2080 wrote to memory of 1864	2080	Unicorn-61842.exe	43
PID 2080 wrote to memory of 1864	2080	Unicorn-61842.exe	43
PID 2080 wrote to memory of 1864	2080	Unicorn-61842.exe	43
PID 2812 wrote to memory of 2928	2812	Unicorn-50550.exe	42
PID 2812 wrote to memory of 2928	2812	Unicorn-50550.exe	42
PID 2812 wrote to memory of 2928	2812	Unicorn-50550.exe	42
PID 2812 wrote to memory of 2928	2812	Unicorn-50550.exe	42
PID 952 wrote to memory of 908	952	Unicorn-6284.exe	44
PID 952 wrote to memory of 908	952	Unicorn-6284.exe	44
PID 952 wrote to memory of 908	952	Unicorn-6284.exe	44
PID 952 wrote to memory of 908	952	Unicorn-6284.exe	44

C:\Users\Admin\AppData\Local\Temp\e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe
"C:\Users\Admin\AppData\Local\Temp\e8819352702fa72bdcd940a3d6b08f7dbbc648854d1ac86fb4511a80ce6e791eN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61842.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50550.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61899.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25382.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37717.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3539.exe
        8⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        9⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
        9⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe
        9⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
        9⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9159.exe
        8⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61463.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43630.exe
        7⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        7⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3010.exe
        7⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5899.exe
        6⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
        6⤵
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56815.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        6⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28074.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33005.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe
        6⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4027.exe
        6⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        6⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11764.exe
        5⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56955.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
        5⤵
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
        5⤵
        
        PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62138.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56658.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        7⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
        6⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40597.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
        6⤵
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        6⤵
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14520.exe
        6⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        5⤵
        
        PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43883.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
        5⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48056.exe
        5⤵
        
        PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39528.exe
        6⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54915.exe
        7⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60502.exe
        6⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48255.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        6⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
        5⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        5⤵
        
        PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48255.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
        5⤵
        
        PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22267.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
      4⤵
      PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
      4⤵
      PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6390.exe
      4⤵
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
      4⤵
      PID:2336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38852.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61899.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5428.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        7⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        6⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe
        6⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        6⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
        5⤵
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26088.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24566.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        6⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
        6⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8364.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43930.exe
        6⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
        5⤵
        
        PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26088.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8042.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        5⤵
        
        PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65480.exe
        5⤵
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        5⤵
        
        PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
      4⤵
      PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
      4⤵
      PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24755.exe
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55769.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39528.exe
        5⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        6⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        5⤵
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe
        5⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
        5⤵
        
        PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62946.exe
      4⤵
      PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9683.exe
      4⤵
      PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
      4⤵
      PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39507.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        5⤵
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24804.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        5⤵
        
        PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
      4⤵
      PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3456.exe
      4⤵
      PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4374.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
      4⤵
      PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44235.exe
      4⤵
      PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43066.exe
      4⤵
      PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
      4⤵
      PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
      4⤵
      PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
      4⤵
      PID:4800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
    3⤵
    PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54532.exe
    3⤵
    PID:2012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25020.exe
    3⤵
    PID:3148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
    3⤵
    PID:4556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3082.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3082.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23908.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6331.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11951.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33581.exe
        7⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63696.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27394.exe
        7⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33943.exe
        6⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60310.exe
        6⤵
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14604.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
        6⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41094.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51479.exe
        6⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42708.exe
        6⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        6⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47295.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        5⤵
        
        PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3303.exe
        5⤵
        
        PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40732.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        6⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
        6⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        6⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
        6⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
        6⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29859.exe
        5⤵
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
        5⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14758.exe
        5⤵
        
        PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56658.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
        6⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        5⤵
        
        PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20909.exe
        5⤵
        
        PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
        5⤵
        
        PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
      4⤵
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
        5⤵
        
        PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1278.exe
        5⤵
        
        PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43792.exe
      4⤵
      PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
      4⤵
      PID:4540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        6⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59615.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        6⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
        5⤵
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
        5⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
        5⤵
        
        PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
        5⤵
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32101.exe
        5⤵
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        5⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        5⤵
        
        PID:4660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2562.exe
      4⤵
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
        5⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
        6⤵
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8660.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46492.exe
        5⤵
        
        PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe
        5⤵
        
        PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57732.exe
      4⤵
      PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5289.exe
      4⤵
      PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24460.exe
      4⤵
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
      4⤵
      PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16729.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12693.exe
        5⤵
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29985.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
        5⤵
        
        PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8089.exe
        5⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
        5⤵
        
        PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
      4⤵
      PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
      4⤵
      PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48573.exe
      4⤵
      PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
      4⤵
      PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23446.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4800.exe
      4⤵
      PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32376.exe
      4⤵
      PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
      4⤵
      PID:4348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
    3⤵
    PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
    3⤵
    PID:2332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
    3⤵
    PID:3216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
    3⤵
    PID:3500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36828.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36828.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24671.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45837.exe
        6⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54574.exe
        6⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44276.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
        6⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        6⤵
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8164.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27606.exe
        5⤵
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8516.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50732.exe
        6⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21841.exe
        6⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
        5⤵
        
        PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45837.exe
        5⤵
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
        5⤵
        
        PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe
      4⤵
      PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
      4⤵
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56658.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25600.exe
        5⤵
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1837.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60383.exe
        5⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        5⤵
        
        PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45837.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60508.exe
      4⤵
      PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
    3⤵
    PID:3440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21439.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21439.exe
    3⤵
    PID:3724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47433.exe
    3⤵
    PID:4532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
      4⤵
      Executes dropped EXE
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        5⤵
        
        PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        5⤵
        
        PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
      4⤵
      PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
      4⤵
      PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
      4⤵
      PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
      4⤵
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22099.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10451.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
      4⤵
      PID:4400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
    3⤵
    PID:1008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
    3⤵
    PID:3352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
    3⤵
    PID:3556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39586.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39586.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
      4⤵
      PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
      4⤵
      PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
      4⤵
      PID:3476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
    3⤵
    PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17967.exe
      4⤵
      PID:3276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
    3⤵
    PID:3300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20909.exe
    3⤵
    PID:3768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
    3⤵
    PID:4604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
    3⤵
    PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6098.exe
      4⤵
      PID:3536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13051.exe
    3⤵
    PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20909.exe
    3⤵
    PID:3836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4050.exe
    3⤵
    PID:4760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
  2⤵
  PID:2100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7810.exe
    3⤵
    PID:616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
    3⤵
    PID:3640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54593.exe
    3⤵
    PID:3692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
  2⤵
  PID:2632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
  2⤵
  PID:3608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
  2⤵
  PID:3140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe

Filesize
468KB

MD5
0575bb90e5c67ecfb61ca297492f67f5

SHA1
bfc146fa0df080c337ce6dc8c9b87f0ac4d8f3d6

SHA256
68f1d75a0ada854e9bbc594f9a56ffc9f7fda6ee45e528f256fce1738c19c71b

SHA512
9a0684bd4d8b86121602905f3519235b02ec9db4e80974384b740f213a6a06d6e58570093c4845a070dad49ff84c43f878d3bc0cccd2c3a4c121d1cb83f8ff7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23908.exe

Filesize
468KB

MD5
2f27985914c9acd09b3b87cad83aab07

SHA1
9e71e5e6c6418fea1cdac9ab383cc5eac3af81f2

SHA256
643140a04e923c6526ceeb88ceea4f97acb06887728cd7b27a79d0947981e4df

SHA512
2b603a5c5b8955d2eb3e5750c7b2887b0db23b614199564445c6f2a13399b06f21e63931f04b611aac150f95dd7cbc191e89b8edb49dcbe64ad09847808bf84b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe

Filesize
468KB

MD5
67f3ddcf84fe26c2dcf0dca45fd315ff

SHA1
0636883206409e028b655ee85fcd6541582de6b2

SHA256
7c3408e26513ed244a6916541204d9449508850c6ecc33f9c7454e6ad3eb4323

SHA512
79e1f207c08d29c34f2d2265be6e2d2a1ff3c7592d3cf2e7c6418d42f2bc61ef76a2cdc85b5621f45678d4947053a7abc319a1f672ffe7939189e6500ed1c059

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe

Filesize
468KB

MD5
809d33cb09eec377275e319b573ef464

SHA1
a85d4ed5e5d10663e6e656b73728656cb45721e4

SHA256
f5922cfb8f24a8f39535ab8e1819d1ed6b1dc5242c2609ba1b381cd96bdf951d

SHA512
7111bfb95a07b354e9e19b8b93a75dd8328c8ab27aaf324c328882d4cd44f7010a7875fef7f50ee9a1597f375be5e394d64caf626d1eded2671cf12033a6b417

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe

Filesize
468KB

MD5
add60977738f009e2fde9b39582fa3ef

SHA1
4845c26236db1ff768fb9e125a2598e4b61a9e11

SHA256
fc53a4471826278af67e2b1572867993075e773aca206aa183a7cc49450915bd

SHA512
9a3c46239eb298c973e5b16af43fafc8e80d84d371efa7d41d04cb0ab610b947f7395abd68a88d31e63e8ddd27182abeacfe4ff9c97573a793636657c7c30d2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3082.exe

Filesize
468KB

MD5
cedb4028423d8d8a384befcfb11b06e6

SHA1
db5b74993d65e3bb66018b4d263f7bdc1cbcabfa

SHA256
1d276dab48f7616d8e4b8841571e7f0d2ec09d967cff4990cbd426b8abba9164

SHA512
051c4056116f29da589be215114386a6eb6b09bb6cada5f794900c2841702a98e57c220a63bcea800e42cad941cc77de77cff6522f4716be47c228116acaae50

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36828.exe

Filesize
468KB

MD5
c001161fee2f0f3b53b464d472de3dc2

SHA1
be6d6b0421733753714983c513a71e10b817f2e2

SHA256
27c96cb9683f774c4f0331f9c3af1a94c187addf65cfb6f910112facf232fa34

SHA512
5600d79469d333c0b2b0fda1ee2bb6fb0ccc9fcf05ba1a47a01c40ba55f1761ad2c1f79f67bc8f852820538ca23aded0e024e9cd086735e960a3ebec4a3f57e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe

Filesize
468KB

MD5
6a07e460254774e286295dce0a1e2bde

SHA1
b1f95d155dbd48b2ba54374811fc87112ebac83b

SHA256
d2afef6217644de4f52d88ad1bb2a50a7dba7322d222eb94b4d2345e8eea787b

SHA512
9496b64039c3cf4bf50e20650e485a53c0b95bba976ef2be4192653d7f61f6caa58ce0084700b107a0f9b0a969ccb5ca6abd7517b0c7d7e82bbed7337010947e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38852.exe

Filesize
468KB

MD5
ed13a50eec23c5222d1f03936139fc72

SHA1
4271519c0ac10239ff5a05472dc76f2087b047fb

SHA256
648469079030ac1109648d338d3e7570f2a65d98c1d0c0337657af6c17598b6f

SHA512
d6b0c7b8bed58ae2008da45dbad88407c832b399784f0e459d689efc2abe9015a29022125040eced468939aa272f069d98e328fee269ca74ce618f8e8d263652

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe

Filesize
468KB

MD5
3bd68422c5546d4a550c432eccc1b98b

SHA1
e76c4f5c0f281e14f4b7a365d6ace9f63c769404

SHA256
a813687116360d734d707f9a08f019ee15dc43eb634ab0539ab5cb0b4c77e0dc

SHA512
7dd566b52f42f3f1f42d8118b62147ad1a06ed7f8725cdd9a9507355d4801f1b30b26012aae4a57015d0b469691906a21293afe175f02a9811f54c4acd74851b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe

Filesize
468KB

MD5
7684b8d61d9545aa58e6e4b88f0e7500

SHA1
d9cbf5d5e323675bf27c069d43bc1d20ad156db7

SHA256
25df2b9e8e3021c9ac14263eb0d70827a9ee636810d07510cf87a203a6cb46a0

SHA512
9459dd9707246383a67836330a4e39e6d32c34af16bcd5e2279772aa693d3424a0c3955b306587ab2ff1c911abbe70e4fcde92301beff64e3f6f96673627d6e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50550.exe

Filesize
468KB

MD5
32e3a4e466ed48658f4cada7d4999a0f

SHA1
1b84cde27533194470b482e35c5c74829627fe24

SHA256
9f605198bd1ecc17f1652842753210c18992a6ce8b848377947487f3679828c6

SHA512
2cc45af1c900204ee6791bb9c2ef0bc15ce8f10161acdedb87d50f1555b8edb9e5b3bb54296133b7e582b5b3d7b51b5340d90dab88395c2a9eaa6745405b129a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55769.exe

Filesize
468KB

MD5
207d0b6cdb79d071bd100f3e11b7582a

SHA1
9245da853a503f2f1c2aa616e9acceab8ae142ba

SHA256
5949296e2d620262d47cf9b1acb832d2ab3e840c6be0ebd9ec9c02b20fe98346

SHA512
a00754ca81f805c642339cacdceb861f833df65b176794294979ac1cd8e90f5a93ff5c38c938398c1c90658e35e83837e3e7393833c61052b33c9461aa5d64a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe

Filesize
468KB

MD5
fb2fc8765dd38966582a0dfa4a48d0ed

SHA1
2da35662f90291d39e8c0a07376349c6f8e7ff77

SHA256
3de35654662ad3ee40f710dfe94e9d8c362cb6574ae8aa0cfcd255f0e14fced5

SHA512
8e8e86842d477611d647c5512d42a65dfb8a61a9f9a3102383c605f108374a047dfb0636874a534df38cdb828f53827a0f5c2b86d45bf03525bd4c53d1ebb5bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe

Filesize
468KB

MD5
07c825646edf1fcc6c05402beca901e7

SHA1
56e2b8efd471077641bb210008c2c730c913bff8

SHA256
468e0e094b8ef28576d14a63cc5246080b3f019e1f0f72838512520cc6df22b0

SHA512
e6d1db069b5d6743abd3d54706307951760377524fb11bd82188b6f1c2bd7203f33f234d51de8f939f88cd2be60c4a9bb0f0d6deea50b0bfde85ef7c4a53f3cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61842.exe

Filesize
468KB

MD5
325b6ba5ea16ca2f337ba641837044f1

SHA1
3551e767f27fda91f77a6faff42092e6867cf693

SHA256
87638ba91e9e6b32c4ce84a1124cb7ab26fa43104cee3fa86c2f100ef3126875

SHA512
c5c93741d3448ac4ad4a756f56ad48fd4fd487bacdba35a88a052e384c3f93b95673fdb8232eba32ca8a32753aa5773cc45dd3b65b9aa76683a619480af72ad5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61899.exe

Filesize
468KB

MD5
f8a2e60d779202164d9c377b1c6faaf3

SHA1
cd2eed0431afa2393120bc23d75efc25a1024cce

SHA256
d4dea83e3838074715002bdc3d9ec56f2cb9fdc385d8857a57f2fea77928dcb6

SHA512
7b4f877867786ac9bf373e1f2535449b67e20d0a673bf37a9e2f6670e799f83efcb81280f889a5afedcf744d6f33de0f149665f58421100bae7f36bc74522171

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6331.exe

Filesize
468KB

MD5
ce179ee0d7a01ea99c768d1683636f08

SHA1
6a092ca5434e1524a5cfb4defc491182b15a5221

SHA256
51f7ff6fdcfc0781828e00fca1425191a37e2b503ff8b6aaa24b527b82a224d2

SHA512
c4652e4ab8404c60677cff6471f2b572fcac0dd433b8c62decf6aaa62e7bb0ee6c65a3827211c73afac22327d9cc57fcd7878610bbd93796b16e6a6e076ddd6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe

Filesize
468KB

MD5
a2b4d834119e14b3dcb33443cb3e03d6

SHA1
878693c8615e84f65839bc73f61168dc830cd92b

SHA256
b16dd206a96dd1c2b35778d21c44dd2ca2ad72cf1ed9b94bd30772a36981cfaf

SHA512
50c4061d71e5739c0ebe94149509cd996ec64e67ea69ad16a4d3bca5067b70c91b7151635c10279f301699fe51eccb1802bc473f380c861d82cece17ab11838b

Download Submit