1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe
Size

468KB
MD5

6230e0e108ed00028093aeb92bb09360
SHA1

e6e9d368c2a1516bb0c0d4382938aa7c5b8b9464
SHA256

1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646
SHA512

67e3615afa0e292ab9706e0465125c3b5e9f6d9a01fa1a65516ceec67c72445d6c468fbf99dc0e79cd71903988a1a3341744eaeeb33e6b21e9f8853a3ec553d8
SSDEEP

3072:sbuuorldIE3YtbY2PzcIffT/ECXZ4umWnsHCOVhD/ayaPSE7tQlv:sb3oQeYtBP4IffohOk/aR6E7t

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2168	Unicorn-56702.exe
2916	Unicorn-23620.exe
2932	Unicorn-24174.exe
2712	Unicorn-49359.exe
2352	Unicorn-2580.exe
2692	Unicorn-29131.exe
2468	Unicorn-41937.exe
2008	Unicorn-30330.exe
1112	Unicorn-27952.exe
964	Unicorn-60817.exe
2344	Unicorn-14076.exe
968	Unicorn-5067.exe
2588	Unicorn-64739.exe
1908	Unicorn-19588.exe
1812	Unicorn-60428.exe
1744	Unicorn-40562.exe
2272	Unicorn-44071.exe
2544	Unicorn-38538.exe
1964	Unicorn-44860.exe
1456	Unicorn-53583.exe
2196	Unicorn-3827.exe
1784	Unicorn-42430.exe
816	Unicorn-44476.exe
2500	Unicorn-3490.exe
1808	Unicorn-3225.exe
1060	Unicorn-28301.exe
1616	Unicorn-28571.exe
2056	Unicorn-48097.exe
1200	Unicorn-62395.exe
2124	Unicorn-26001.exe
1196	Unicorn-45867.exe
2628	Unicorn-27676.exe
1592	Unicorn-53843.exe
2804	Unicorn-24932.exe
2832	Unicorn-11933.exe
2188	Unicorn-13448.exe
2892	Unicorn-58202.exe
2688	Unicorn-4341.exe
2748	Unicorn-55772.exe
1624	Unicorn-62457.exe
2732	Unicorn-29038.exe
1980	Unicorn-62597.exe
1960	Unicorn-9577.exe
2140	Unicorn-54886.exe
1676	Unicorn-45956.exe
2744	Unicorn-18108.exe
2976	Unicorn-46142.exe
2664	Unicorn-9748.exe
1488	Unicorn-46069.exe
2992	Unicorn-46334.exe
2556	Unicorn-46225.exe
1416	Unicorn-20759.exe
2092	Unicorn-38803.exe
2104	Unicorn-17061.exe
2088	Unicorn-42503.exe
972	Unicorn-62369.exe
1944	Unicorn-5000.exe
1716	Unicorn-34911.exe
1496	Unicorn-54512.exe
1536	Unicorn-50885.exe
2244	Unicorn-19727.exe
956	Unicorn-19173.exe
532	Unicorn-5467.exe
708	Unicorn-26442.exe

Loads dropped DLL 64 IoCs

pid	Process
1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe
1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe
2168	Unicorn-56702.exe
1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe
2168	Unicorn-56702.exe
1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe
2932	Unicorn-24174.exe
2932	Unicorn-24174.exe
1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe
1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe
2916	Unicorn-23620.exe
2916	Unicorn-23620.exe
2168	Unicorn-56702.exe
2168	Unicorn-56702.exe
2712	Unicorn-49359.exe
2932	Unicorn-24174.exe
2712	Unicorn-49359.exe
2932	Unicorn-24174.exe
2916	Unicorn-23620.exe
2916	Unicorn-23620.exe
2468	Unicorn-41937.exe
2468	Unicorn-41937.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe
2168	Unicorn-56702.exe
1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe
2168	Unicorn-56702.exe
2608	WerFault.exe
2008	Unicorn-30330.exe
2008	Unicorn-30330.exe
2352	Unicorn-2580.exe
1112	Unicorn-27952.exe
1112	Unicorn-27952.exe
2352	Unicorn-2580.exe
2712	Unicorn-49359.exe
2712	Unicorn-49359.exe
2932	Unicorn-24174.exe
2932	Unicorn-24174.exe
2344	Unicorn-14076.exe
2344	Unicorn-14076.exe
2468	Unicorn-41937.exe
2468	Unicorn-41937.exe
964	Unicorn-60817.exe
964	Unicorn-60817.exe
2916	Unicorn-23620.exe
2916	Unicorn-23620.exe
2588	Unicorn-64739.exe
2588	Unicorn-64739.exe
968	Unicorn-5067.exe
968	Unicorn-5067.exe
2168	Unicorn-56702.exe
2168	Unicorn-56702.exe
1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe
1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe
1744	Unicorn-40562.exe
1744	Unicorn-40562.exe
2352	Unicorn-2580.exe
2352	Unicorn-2580.exe
1812	Unicorn-60428.exe
1812	Unicorn-60428.exe
1112	Unicorn-27952.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2608	2692	WerFault.exe	34

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17787.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26840.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe
2168	Unicorn-56702.exe
2932	Unicorn-24174.exe
2916	Unicorn-23620.exe
2712	Unicorn-49359.exe
2352	Unicorn-2580.exe
2692	Unicorn-29131.exe
2468	Unicorn-41937.exe
1112	Unicorn-27952.exe
2008	Unicorn-30330.exe
968	Unicorn-5067.exe
964	Unicorn-60817.exe
2588	Unicorn-64739.exe
2344	Unicorn-14076.exe
1908	Unicorn-19588.exe
1744	Unicorn-40562.exe
1812	Unicorn-60428.exe
2272	Unicorn-44071.exe
1964	Unicorn-44860.exe
2544	Unicorn-38538.exe
2196	Unicorn-3827.exe
1456	Unicorn-53583.exe
1784	Unicorn-42430.exe
816	Unicorn-44476.exe
2500	Unicorn-3490.exe
1808	Unicorn-3225.exe
1060	Unicorn-28301.exe
1616	Unicorn-28571.exe
2056	Unicorn-48097.exe
2124	Unicorn-26001.exe
1200	Unicorn-62395.exe
1196	Unicorn-45867.exe
2628	Unicorn-27676.exe
1592	Unicorn-53843.exe
2804	Unicorn-24932.exe
2892	Unicorn-58202.exe
2832	Unicorn-11933.exe
2188	Unicorn-13448.exe
2688	Unicorn-4341.exe
2748	Unicorn-55772.exe
1624	Unicorn-62457.exe
2732	Unicorn-29038.exe
1960	Unicorn-9577.exe
1980	Unicorn-62597.exe
1676	Unicorn-45956.exe
2140	Unicorn-54886.exe
2744	Unicorn-18108.exe
1488	Unicorn-46069.exe
2992	Unicorn-46334.exe
2664	Unicorn-9748.exe
2976	Unicorn-46142.exe
1416	Unicorn-20759.exe
2556	Unicorn-46225.exe
2092	Unicorn-38803.exe
2104	Unicorn-17061.exe
2088	Unicorn-42503.exe
972	Unicorn-62369.exe
1944	Unicorn-5000.exe
1716	Unicorn-34911.exe
1496	Unicorn-54512.exe
2244	Unicorn-19727.exe
1536	Unicorn-50885.exe
956	Unicorn-19173.exe
532	Unicorn-5467.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 2168	1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	29
PID 1120 wrote to memory of 2168	1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	29
PID 1120 wrote to memory of 2168	1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	29
PID 1120 wrote to memory of 2168	1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	29
PID 2168 wrote to memory of 2916	2168	Unicorn-56702.exe	30
PID 2168 wrote to memory of 2916	2168	Unicorn-56702.exe	30
PID 2168 wrote to memory of 2916	2168	Unicorn-56702.exe	30
PID 2168 wrote to memory of 2916	2168	Unicorn-56702.exe	30
PID 1120 wrote to memory of 2932	1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	31
PID 1120 wrote to memory of 2932	1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	31
PID 1120 wrote to memory of 2932	1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	31
PID 1120 wrote to memory of 2932	1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	31
PID 2932 wrote to memory of 2712	2932	Unicorn-24174.exe	32
PID 2932 wrote to memory of 2712	2932	Unicorn-24174.exe	32
PID 2932 wrote to memory of 2712	2932	Unicorn-24174.exe	32
PID 2932 wrote to memory of 2712	2932	Unicorn-24174.exe	32
PID 1120 wrote to memory of 2352	1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	33
PID 1120 wrote to memory of 2352	1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	33
PID 1120 wrote to memory of 2352	1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	33
PID 1120 wrote to memory of 2352	1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	33
PID 2916 wrote to memory of 2692	2916	Unicorn-23620.exe	34
PID 2916 wrote to memory of 2692	2916	Unicorn-23620.exe	34
PID 2916 wrote to memory of 2692	2916	Unicorn-23620.exe	34
PID 2916 wrote to memory of 2692	2916	Unicorn-23620.exe	34
PID 2168 wrote to memory of 2468	2168	Unicorn-56702.exe	35
PID 2168 wrote to memory of 2468	2168	Unicorn-56702.exe	35
PID 2168 wrote to memory of 2468	2168	Unicorn-56702.exe	35
PID 2168 wrote to memory of 2468	2168	Unicorn-56702.exe	35
PID 2712 wrote to memory of 2008	2712	Unicorn-49359.exe	36
PID 2712 wrote to memory of 2008	2712	Unicorn-49359.exe	36
PID 2712 wrote to memory of 2008	2712	Unicorn-49359.exe	36
PID 2712 wrote to memory of 2008	2712	Unicorn-49359.exe	36
PID 2932 wrote to memory of 1112	2932	Unicorn-24174.exe	37
PID 2932 wrote to memory of 1112	2932	Unicorn-24174.exe	37
PID 2932 wrote to memory of 1112	2932	Unicorn-24174.exe	37
PID 2932 wrote to memory of 1112	2932	Unicorn-24174.exe	37
PID 2692 wrote to memory of 2608	2692	Unicorn-29131.exe	38
PID 2692 wrote to memory of 2608	2692	Unicorn-29131.exe	38
PID 2692 wrote to memory of 2608	2692	Unicorn-29131.exe	38
PID 2692 wrote to memory of 2608	2692	Unicorn-29131.exe	38
PID 2916 wrote to memory of 964	2916	Unicorn-23620.exe	39
PID 2916 wrote to memory of 964	2916	Unicorn-23620.exe	39
PID 2916 wrote to memory of 964	2916	Unicorn-23620.exe	39
PID 2916 wrote to memory of 964	2916	Unicorn-23620.exe	39
PID 2468 wrote to memory of 2344	2468	Unicorn-41937.exe	40
PID 2468 wrote to memory of 2344	2468	Unicorn-41937.exe	40
PID 2468 wrote to memory of 2344	2468	Unicorn-41937.exe	40
PID 2468 wrote to memory of 2344	2468	Unicorn-41937.exe	40
PID 1120 wrote to memory of 968	1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	41
PID 1120 wrote to memory of 968	1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	41
PID 1120 wrote to memory of 968	1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	41
PID 1120 wrote to memory of 968	1120	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	41
PID 2168 wrote to memory of 2588	2168	Unicorn-56702.exe	42
PID 2168 wrote to memory of 2588	2168	Unicorn-56702.exe	42
PID 2168 wrote to memory of 2588	2168	Unicorn-56702.exe	42
PID 2168 wrote to memory of 2588	2168	Unicorn-56702.exe	42
PID 2008 wrote to memory of 1908	2008	Unicorn-30330.exe	43
PID 2008 wrote to memory of 1908	2008	Unicorn-30330.exe	43
PID 2008 wrote to memory of 1908	2008	Unicorn-30330.exe	43
PID 2008 wrote to memory of 1908	2008	Unicorn-30330.exe	43
PID 1112 wrote to memory of 1812	1112	Unicorn-27952.exe	45
PID 1112 wrote to memory of 1812	1112	Unicorn-27952.exe	45
PID 1112 wrote to memory of 1812	1112	Unicorn-27952.exe	45
PID 1112 wrote to memory of 1812	1112	Unicorn-27952.exe	45

C:\Users\Admin\AppData\Local\Temp\1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe
"C:\Users\Admin\AppData\Local\Temp\1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56702.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56702.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60817.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        7⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        7⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        7⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        7⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        6⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        7⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        7⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        6⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
        6⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        6⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        6⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62457.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16048.exe
        6⤵
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        6⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
        5⤵
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        6⤵
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31583.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        5⤵
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
        5⤵
        
        PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8477.exe
        6⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        7⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5265.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22589.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        7⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
        6⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        6⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25942.exe
        6⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
        5⤵
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe
        5⤵
        
        PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51420.exe
        5⤵
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe
        5⤵
        
        PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
      4⤵
      PID:1164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        7⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        7⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62618.exe
        6⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25942.exe
        6⤵
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
        7⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        7⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        6⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        5⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        5⤵
        
        PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
        5⤵
        
        PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53583.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58202.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50885.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        7⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44043.exe
        7⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe
        7⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        6⤵
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        5⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        5⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55922.exe
        5⤵
        
        PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55772.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19173.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        6⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30705.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17257.exe
        6⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        5⤵
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
        5⤵
        
        PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2804.exe
        5⤵
        
        PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
      4⤵
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20319.exe
      4⤵
      PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17040.exe
      4⤵
      PID:4136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
        5⤵
        Executes dropped EXE
        
        PID:708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61672.exe
        6⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61422.exe
        6⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
        5⤵
        
        PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43008.exe
        5⤵
        
        PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9748.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43558.exe
        5⤵
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5265.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22589.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22363.exe
        5⤵
        
        PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
      4⤵
      PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
      4⤵
      PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
      4⤵
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
      4⤵
      PID:3960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
        5⤵
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49504.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        5⤵
        
        PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        5⤵
        
        PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50449.exe
      4⤵
      PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
      4⤵
      PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
      4⤵
      PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe
      4⤵
      PID:4948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63236.exe
      4⤵
      PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
      4⤵
      PID:5088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
    3⤵
    PID:1360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
    3⤵
    PID:3872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe
    3⤵
    PID:4460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24174.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24174.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53843.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
        7⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        7⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9225.exe
        7⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
        6⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
        7⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
        7⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        7⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        6⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16200.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        6⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        6⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64886.exe
        6⤵
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        6⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        5⤵
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64176.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5000.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        7⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
        7⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62618.exe
        6⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        6⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        6⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25942.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34911.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        6⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15870.exe
        6⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65314.exe
        6⤵
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19789.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        5⤵
        
        PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27676.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        5⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        5⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        5⤵
        
        PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43926.exe
      4⤵
      PID:664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
      4⤵
      PID:4452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60428.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17061.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13255.exe
        8⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        8⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        7⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        7⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        7⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14910.exe
        7⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exe
        6⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        6⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37390.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37739.exe
        7⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59001.exe
        6⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        6⤵
        
        PID:728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12538.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11932.exe
        6⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        5⤵
        
        PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
        5⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
        5⤵
        
        PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        6⤵
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64495.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23513.exe
        6⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe
        6⤵
        
        PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        5⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        6⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22913.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
        5⤵
        
        PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
      4⤵
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26447.exe
        5⤵
        
        PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39785.exe
      4⤵
      PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16200.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36630.exe
      4⤵
      PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
      4⤵
      PID:4296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38538.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        5⤵
        
        PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56088.exe
        5⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44174.exe
        5⤵
        
        PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27034.exe
      4⤵
      PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20531.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
      4⤵
      PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13505.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
      4⤵
      PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
      4⤵
      PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
    3⤵
    PID:2836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
    3⤵
    PID:3296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3944.exe
    3⤵
    PID:4968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2580.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2580.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
        6⤵
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        6⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        6⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-722.exe
        6⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
        5⤵
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        5⤵
        
        PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16622.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13693.exe
        5⤵
        
        PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        5⤵
        
        PID:288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe
        5⤵
        
        PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
      4⤵
      PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
      4⤵
      PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
      4⤵
      PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe
      4⤵
      PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48097.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        5⤵
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        5⤵
        
        PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
      4⤵
      PID:1000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
      4⤵
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51829.exe
      4⤵
      PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21285.exe
      4⤵
      PID:4820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
      4⤵
      PID:340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
      4⤵
      PID:2488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36962.exe
    3⤵
    PID:1100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
    3⤵
    PID:3280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26376.exe
    3⤵
    PID:3140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
    3⤵
    PID:4344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5067.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5067.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3490.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54886.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        5⤵
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
      4⤵
      PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20531.exe
      4⤵
      PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
      4⤵
      PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
      4⤵
      PID:4892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
      4⤵
      PID:4108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39785.exe
    3⤵
    PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
      4⤵
      PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
      4⤵
      PID:4352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11370.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
    3⤵
    PID:4152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28301.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28301.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46334.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2219.exe
      4⤵
      PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
      4⤵
      PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
      4⤵
      PID:4596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
    3⤵
    PID:1996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20531.exe
    3⤵
    PID:3348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
    3⤵
    PID:3084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
    3⤵
    PID:2968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2115.exe
    3⤵
    PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47920.exe
      4⤵
      PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe
      4⤵
      PID:4996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
    3⤵
    PID:668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
    3⤵
    PID:4092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
    3⤵
    PID:3932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34748.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34748.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
    3⤵
    PID:1820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49504.exe
    3⤵
    PID:3184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
    3⤵
    PID:3972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe
    3⤵
    PID:3464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
  2⤵
  PID:2476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
  2⤵
  PID:796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
  2⤵
  PID:3404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
  2⤵
  PID:1656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14722.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14722.exe
  2⤵
  PID:4292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe

Filesize
468KB

MD5
b147a4c8b269b2ed80a75ee151a37924

SHA1
f1eb9f264ba8924fd3a7ce35bbbe75addade25fc

SHA256
9d8152a39f8cc9ca6f82c3a9c0f204c3dce5a740f59caa3c34c865600985cb65

SHA512
7135b78ffe7d7962b638762a99c699fc159636a34b3e384785892f4b1238186fc131cf1b88e3d6a276f69dba15674ae72790acfa7bed8ae54021bdf83a0cbecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2580.exe

Filesize
468KB

MD5
a66e92156eda5287aa0315cf21852918

SHA1
6df228dcbac1f0a8ac47dc48bb786b6d375ba9e6

SHA256
b7ab7d00de636b86992db485d467d38e632c831c0c60ab9c9132f5190c41eaee

SHA512
4448c2e516e6a98621e3c599653f937e2bc4369424d2ebfcb4964c41e7b62884ca3414a9b371307af15d9f672588e363657772df993d82259f004cdb51ef0f92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27034.exe

Filesize
468KB

MD5
b24ee6bf668972eccd6261ed9bae8095

SHA1
24d7fcffd8537802a63041233bed935ed76f5ce4

SHA256
72d7a405a57965fb35eb58171c5a1e0acd51a8a3aaddc845c21872813dde0736

SHA512
84d2411a688e19a137f9b82df5a4474a751415250aea51011c610e333e2e1c65fed0794953f9da5943428c67d23bf93ef5ce55c84c6c3e17e10856a10b0c5527

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe

Filesize
468KB

MD5
947495cfc3aea4c05db69acb4b4b4387

SHA1
349aa74895140d1ac74f3cdcd907f964dcee57c6

SHA256
50540a351fa4d94379a2522e21b8512994d57565ac0b95df3395be414bc9a5c4

SHA512
ef79b15512841b0c367084a724c6f17600092a03346796636cc3d592d441de779ea4aeb508e1de106754aae32518ed01cb18ff99ec9d4ad4318bed43d31fc03f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe

Filesize
468KB

MD5
627770005ea3562e424d5c867f724c7a

SHA1
9c835419821db9f7e82aaa8b10536ee368aa5ee6

SHA256
86241d023d1dcc835dc3a6c484688c1a28166d2200ba3970ebaa7e5dcf429332

SHA512
7b300b500ad030e66b6e6e8d8e023b9eced5bc3bf7c725c9d2d2c7e6ecde3292dab6abb96d3d104bfc71afcc4caa7da6a0d8869cdc6cfeba1e11d446b246e96a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe

Filesize
468KB

MD5
88b8e8bd607dc95667b9f97f1fa02cc0

SHA1
16b1c3e75429561d5ae7ca4ccd0966b484301c80

SHA256
06de23bc01d67d9e1f7cbf71059b83a63341886a705c15537889d2cfb26843f3

SHA512
81bd9a78fd719dbb4134d92fd60fe3eab5d028209ffa077394dd678dce2b74df3cdc0aaf7dba562ed305c8d5cbdb54756ae711544fdfc53ec29808489fc136dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5067.exe

Filesize
468KB

MD5
65ef09cc9f62fddefad0af8bc2cef8df

SHA1
506886e47e04bcf021e4aae119fb207f9055fd9e

SHA256
a99494c68ece3547b2ff575cdd3d40a2ce9bb80b110b339fa3b80b6c03506c5a

SHA512
b44f548b1a3e86e00f2749e80cc1931e2e371c2b27588cc206b4a754e0fa5f7ed927ac844c9801f7edd1a29e3c3461c7ea6b35266d17894ea5a3aa13695a0838

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe

Filesize
468KB

MD5
84cd333649c31d5ab35ef405d3846e03

SHA1
3ec2b0c2b148577f5dc689548c191165e966f97c

SHA256
4b4774176b6ec2a85dba77a4e043f07be5921a495537bb8c641c15d17cb41172

SHA512
754c1443f6b64ade8172b97d1b41e1adab04731ddf36d362b0dfc2378005f29d41deff5b824e767e8ad18889f0dc273be207049783f2d0422e47518e32da7698

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60817.exe

Filesize
468KB

MD5
12db702959b2b8eea0a8da6f986dbd5e

SHA1
412268e2853deb5a32a0a3afd68e2ebd048d01b0

SHA256
4bc898c72ed4585bfd8f25055f9900aad375781db10c313717792230fe653573

SHA512
7b1d624c3f800e2cc0aab1ecbb7b8adad167c7830f2bba42818a2134d48d35fb0c28112eef77260681eba6a9706a556a79799fc1baf08c50f7c41f51edc47b82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe

Filesize
468KB

MD5
1f97b505bd38fbaece2cb77b80b0a21c

SHA1
71abc0f10e7950c1fda87c05628e7ced79b30f2f

SHA256
63e15364b56216ea7f6cc3c4852895f2c68e9aa749c57a4ddb571cab2d6178f8

SHA512
ef2ecae863c5ef474e17223befa1949d077752262a6e43f98243694d34dcab7aab7f308ef9d1d877c3108e12e0a34f813c957e54861ff0fbb2890bc73039fc55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe

Filesize
468KB

MD5
8234ada27c9e9de9b5bfd63da4be1ef7

SHA1
f288af9ac8f6f2953f1e33d4453bdd3c51c122ad

SHA256
ccbece68403d68a22f503b634c0ad4af304277927c380c57f0ce6908c5b568b1

SHA512
2a0444319cd20fc59fd7a3f0738492b8c62ec3f822ada15a76975f16b30363f9db0ade8be26b402970a5fd4c1e5b695d6705c98c83cd5c54a367fc77c92d5014

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24174.exe

Filesize
468KB

MD5
16bf31c14cbf465bcd72fe224dc73e34

SHA1
79fcc8aef14a88f5101ffbd1d269b3879b188ce3

SHA256
e7c2b1f09364e019c0f2921e8c0236e22c489effdc657f796ca8cc3e92dd3a48

SHA512
2b0cab1e541dd5778383ec4a4396ab8c102dea6cb6fb96856255b4fac997a8dad31e903985dce175c9d7fe0425f67027aa5586c9ad07a8a014400f1f7d3313e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe

Filesize
468KB

MD5
64016332a2b426130749291fe84e72c5

SHA1
f1d2f8a9b144754e977ad5bc077d8ec7b51cf1fd

SHA256
162c697de6a72192223b5f3ad780d89cd4b5abbd76b9bce2bc580beba04c5906

SHA512
9872d5f26ea47d79576c13e7d72b70edc2975899839ebbd643390b5ac4a03e38598c6aba3eef46e71e21b2ac2b6dafc1a0daa36648d1f2913e39783b4962ef22

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe

Filesize
468KB

MD5
0db7eb797ac7ac95196455c0fea1f58e

SHA1
af9898a82fcb8f652deb34c330bc2bf31414ccb5

SHA256
823e24cc343b59ca82ad838106fab62018bb541f4484659b8c9531456f4e2b7e

SHA512
405c86d2441531487a67f0b778e4e60940662b6f744b15fa5b3c709f8a171ea9c40d0d895aa5816d0b9ae9eb0200cd3bf17c6a5284a5014f35c4e7eccacbd6cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe

Filesize
468KB

MD5
1f7647ba765a08f353be07aa8d650991

SHA1
e1b5628a710552f29f7c60bbb3539d456dad4717

SHA256
f755bd7a66d41ddc3dff2977b0105a8fbcfcb05b8e50c477c9091f5c585bb83f

SHA512
1d72538d1b5555bcca2327d0f03c80938f4441e01810609a2e7d7240ae85f5238788093d6962846f115c222ad1d8ff2332354e0f3fe24b068ddf704bd112a740

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe

Filesize
468KB

MD5
da5b1d682fa8e7ac8b501a2d5c367bb2

SHA1
62e1d054470b418d7acf2f53e4ce2bbbfe4328c6

SHA256
2e6a9f61baeed7db6222c57180b9b67e849b32b90862a33fb6159c33c1fbc3e1

SHA512
29089c1a4f554f25b8c62e9ebbf8020dfe741ed031f5c328e80447c35964f26e18b7b5386cf6ed4890c485723bc10e77f52eadd09bf64b9cb45707d062e051da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe

Filesize
468KB

MD5
46dc53995a37029ba50fec2633ca78c3

SHA1
19a790879129710c3dfe2ceca7c25aea32bf502c

SHA256
09a9ac0fbc3b1e7c2119a5c8b4ce74227bf832796dd725fde56fd81b1314e5e3

SHA512
09845d170748842c7ba08d951b8381093c404e432c2a3ddd690762455d23290951a60175d1067eca6ba2d4fffa876db3d279d987aaa750583b5cf9bfb79d6701

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56702.exe

Filesize
468KB

MD5
9f852b40ffc810e9b774b2ab569ebafe

SHA1
81708c5e550121717219af35d252e26f58d63f5b

SHA256
c725b7777af73a080618458e063d176ebf6d8212970825a187e10aa5d06745b4

SHA512
f6cbebd95f91d338ffcc3bd2b8dc18db76f1e44496fc15c59e5dbdc821199e12b79583695b0013f461dcba4f2aaaae0fd5cb08693fbcb22784b60b159ecd6f82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60428.exe

Filesize
468KB

MD5
8042ffde2ca48efef8ffeddb4f7ab679

SHA1
be7cf9c27421738000d1404d2a17e64335c2c976

SHA256
eb164984cf50afe45e40fd47385e9b0a7a268a7a890f123ef7b3224c1d08dd52

SHA512
d240d9ff29243b7eee2c16bb4cf4a014fe82a5e68d0f427da0345a1da665947bfcb4593ce55a3f897b52b9e8b3d3346827a16f6c59a0d60f5c77ea11632144dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe

Filesize
468KB

MD5
1432db3e1560227dd30d4d6418868885

SHA1
7bcde7377d39281fc3a2d41a1a484548c9ae3baf

SHA256
27dfb827d3d1d4d8f912c51ac81f601dd6f2a19025f3e927665399f02774372c

SHA512
a43e3debf19e8305ba0a46cec4a0cc35d62103d5f3da71ce406b3300f50733d0f133d3f9b3f8b26214447cebdf70844fa08c4d68962e7c58c70af041691208ac

Download Submit