1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 19:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe
Size

468KB
MD5

53aebe4302a2f4eb128da5835992d860
SHA1

318d0292f77f0720900310bae62aaa97bf9cc53c
SHA256

1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6
SHA512

7a88f61d06e00b6bc93cc2adf5eef39f8e0f9bb6bf0bdacf2b7d15b78badbcfd54f76a0e003a9188318816de894f2878342821b51e812c5c42a2ad6d68494c3d
SSDEEP

3072:1huUo4IuIw5UrbYXHzcjrf8/EoOC3lpl6FH0pVPszapkiC7zdsel:1hJofgUr4H4jrfkjF4zaeJ7zd

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2116	Unicorn-44020.exe
2488	Unicorn-5172.exe
1504	Unicorn-38591.exe
2828	Unicorn-18577.exe
3052	Unicorn-59509.exe
2744	Unicorn-102.exe
2428	Unicorn-59095.exe
2676	Unicorn-53470.exe
1156	Unicorn-37688.exe
3028	Unicorn-41794.exe
3016	Unicorn-41529.exe
2700	Unicorn-48016.exe
1712	Unicorn-60268.exe
3008	Unicorn-13760.exe
1540	Unicorn-56084.exe
2076	Unicorn-49469.exe
2056	Unicorn-9204.exe
2408	Unicorn-54876.exe
952	Unicorn-35747.exe
1064	Unicorn-15234.exe
1392	Unicorn-13651.exe
1596	Unicorn-58021.exe
2064	Unicorn-49853.exe
1240	Unicorn-43723.exe
1552	Unicorn-40315.exe
1560	Unicorn-40050.exe
1780	Unicorn-12281.exe
1796	Unicorn-56651.exe
2396	Unicorn-56651.exe
1948	Unicorn-28617.exe
1828	Unicorn-33330.exe
1068	Unicorn-29708.exe
2148	Unicorn-63449.exe
1748	Unicorn-43583.exe
2320	Unicorn-37776.exe
1268	Unicorn-43906.exe
2284	Unicorn-38753.exe
2716	Unicorn-18887.exe
2756	Unicorn-47990.exe
2812	Unicorn-41503.exe
2728	Unicorn-4196.exe
2640	Unicorn-46620.exe
2668	Unicorn-50604.exe
2124	Unicorn-17840.exe
2628	Unicorn-14310.exe
1604	Unicorn-34176.exe
2940	Unicorn-8088.exe
2856	Unicorn-12172.exe
2928	Unicorn-32038.exe
1568	Unicorn-48374.exe
2364	Unicorn-48109.exe
2344	Unicorn-5295.exe
1656	Unicorn-42152.exe
2696	Unicorn-47004.exe
888	Unicorn-27138.exe
1808	Unicorn-7148.exe
1328	Unicorn-57118.exe
1984	Unicorn-37252.exe
1696	Unicorn-9293.exe
1876	Unicorn-18224.exe
2040	Unicorn-48850.exe
1396	Unicorn-4181.exe
1360	Unicorn-12904.exe
3032	Unicorn-2043.exe

Loads dropped DLL 64 IoCs

pid	Process
2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe
2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe
2116	Unicorn-44020.exe
2116	Unicorn-44020.exe
2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe
2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe
1504	Unicorn-38591.exe
1504	Unicorn-38591.exe
2488	Unicorn-5172.exe
2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe
2488	Unicorn-5172.exe
2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe
2116	Unicorn-44020.exe
2116	Unicorn-44020.exe
2828	Unicorn-18577.exe
2828	Unicorn-18577.exe
1504	Unicorn-38591.exe
1504	Unicorn-38591.exe
3052	Unicorn-59509.exe
2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe
2744	Unicorn-102.exe
2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe
2744	Unicorn-102.exe
3052	Unicorn-59509.exe
2428	Unicorn-59095.exe
2428	Unicorn-59095.exe
2488	Unicorn-5172.exe
2116	Unicorn-44020.exe
2488	Unicorn-5172.exe
2116	Unicorn-44020.exe
2676	Unicorn-53470.exe
2676	Unicorn-53470.exe
2828	Unicorn-18577.exe
2828	Unicorn-18577.exe
1156	Unicorn-37688.exe
1156	Unicorn-37688.exe
1504	Unicorn-38591.exe
1504	Unicorn-38591.exe
3028	Unicorn-41794.exe
3028	Unicorn-41794.exe
2744	Unicorn-102.exe
2744	Unicorn-102.exe
3008	Unicorn-13760.exe
3008	Unicorn-13760.exe
2488	Unicorn-5172.exe
2488	Unicorn-5172.exe
1540	Unicorn-56084.exe
1540	Unicorn-56084.exe
2116	Unicorn-44020.exe
2700	Unicorn-48016.exe
2700	Unicorn-48016.exe
2116	Unicorn-44020.exe
3052	Unicorn-59509.exe
3052	Unicorn-59509.exe
1712	Unicorn-60268.exe
3016	Unicorn-41529.exe
1712	Unicorn-60268.exe
3016	Unicorn-41529.exe
2428	Unicorn-59095.exe
2428	Unicorn-59095.exe
2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe
2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe
2056	Unicorn-9204.exe
2056	Unicorn-9204.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21578.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54876.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe
2116	Unicorn-44020.exe
1504	Unicorn-38591.exe
2488	Unicorn-5172.exe
2828	Unicorn-18577.exe
3052	Unicorn-59509.exe
2744	Unicorn-102.exe
2428	Unicorn-59095.exe
2676	Unicorn-53470.exe
1156	Unicorn-37688.exe
3028	Unicorn-41794.exe
2700	Unicorn-48016.exe
3016	Unicorn-41529.exe
1712	Unicorn-60268.exe
3008	Unicorn-13760.exe
1540	Unicorn-56084.exe
2056	Unicorn-9204.exe
2076	Unicorn-49469.exe
2408	Unicorn-54876.exe
952	Unicorn-35747.exe
1064	Unicorn-15234.exe
1392	Unicorn-13651.exe
1596	Unicorn-58021.exe
1240	Unicorn-43723.exe
2064	Unicorn-49853.exe
1552	Unicorn-40315.exe
1560	Unicorn-40050.exe
1780	Unicorn-12281.exe
1796	Unicorn-56651.exe
2396	Unicorn-56651.exe
1948	Unicorn-28617.exe
1828	Unicorn-33330.exe
1068	Unicorn-29708.exe
2148	Unicorn-63449.exe
2320	Unicorn-37776.exe
1268	Unicorn-43906.exe
2716	Unicorn-18887.exe
2284	Unicorn-38753.exe
2756	Unicorn-47990.exe
2812	Unicorn-41503.exe
2640	Unicorn-46620.exe
2728	Unicorn-4196.exe
2668	Unicorn-50604.exe
2124	Unicorn-17840.exe
2628	Unicorn-14310.exe
1604	Unicorn-34176.exe
2940	Unicorn-8088.exe
2856	Unicorn-12172.exe
1568	Unicorn-48374.exe
2928	Unicorn-32038.exe
2364	Unicorn-48109.exe
2344	Unicorn-5295.exe
1656	Unicorn-42152.exe
2696	Unicorn-47004.exe
888	Unicorn-27138.exe
1808	Unicorn-7148.exe
1328	Unicorn-57118.exe
1984	Unicorn-37252.exe
1876	Unicorn-18224.exe
1696	Unicorn-9293.exe
2040	Unicorn-48850.exe
1396	Unicorn-4181.exe
1360	Unicorn-12904.exe
3032	Unicorn-2043.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 2116	2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe	31
PID 2272 wrote to memory of 2116	2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe	31
PID 2272 wrote to memory of 2116	2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe	31
PID 2272 wrote to memory of 2116	2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe	31
PID 2116 wrote to memory of 2488	2116	Unicorn-44020.exe	32
PID 2116 wrote to memory of 2488	2116	Unicorn-44020.exe	32
PID 2116 wrote to memory of 2488	2116	Unicorn-44020.exe	32
PID 2116 wrote to memory of 2488	2116	Unicorn-44020.exe	32
PID 2272 wrote to memory of 1504	2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe	33
PID 2272 wrote to memory of 1504	2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe	33
PID 2272 wrote to memory of 1504	2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe	33
PID 2272 wrote to memory of 1504	2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe	33
PID 1504 wrote to memory of 2828	1504	Unicorn-38591.exe	34
PID 1504 wrote to memory of 2828	1504	Unicorn-38591.exe	34
PID 1504 wrote to memory of 2828	1504	Unicorn-38591.exe	34
PID 1504 wrote to memory of 2828	1504	Unicorn-38591.exe	34
PID 2488 wrote to memory of 2744	2488	Unicorn-5172.exe	35
PID 2488 wrote to memory of 2744	2488	Unicorn-5172.exe	35
PID 2488 wrote to memory of 2744	2488	Unicorn-5172.exe	35
PID 2488 wrote to memory of 2744	2488	Unicorn-5172.exe	35
PID 2272 wrote to memory of 3052	2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe	36
PID 2272 wrote to memory of 3052	2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe	36
PID 2272 wrote to memory of 3052	2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe	36
PID 2272 wrote to memory of 3052	2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe	36
PID 2116 wrote to memory of 2428	2116	Unicorn-44020.exe	37
PID 2116 wrote to memory of 2428	2116	Unicorn-44020.exe	37
PID 2116 wrote to memory of 2428	2116	Unicorn-44020.exe	37
PID 2116 wrote to memory of 2428	2116	Unicorn-44020.exe	37
PID 2828 wrote to memory of 2676	2828	Unicorn-18577.exe	38
PID 2828 wrote to memory of 2676	2828	Unicorn-18577.exe	38
PID 2828 wrote to memory of 2676	2828	Unicorn-18577.exe	38
PID 2828 wrote to memory of 2676	2828	Unicorn-18577.exe	38
PID 1504 wrote to memory of 1156	1504	Unicorn-38591.exe	39
PID 1504 wrote to memory of 1156	1504	Unicorn-38591.exe	39
PID 1504 wrote to memory of 1156	1504	Unicorn-38591.exe	39
PID 1504 wrote to memory of 1156	1504	Unicorn-38591.exe	39
PID 2272 wrote to memory of 3016	2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe	41
PID 2272 wrote to memory of 3016	2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe	41
PID 2272 wrote to memory of 3016	2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe	41
PID 2272 wrote to memory of 3016	2272	1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe	41
PID 2744 wrote to memory of 3028	2744	Unicorn-102.exe	42
PID 2744 wrote to memory of 3028	2744	Unicorn-102.exe	42
PID 2744 wrote to memory of 3028	2744	Unicorn-102.exe	42
PID 2744 wrote to memory of 3028	2744	Unicorn-102.exe	42
PID 3052 wrote to memory of 2700	3052	Unicorn-59509.exe	40
PID 3052 wrote to memory of 2700	3052	Unicorn-59509.exe	40
PID 3052 wrote to memory of 2700	3052	Unicorn-59509.exe	40
PID 3052 wrote to memory of 2700	3052	Unicorn-59509.exe	40
PID 2428 wrote to memory of 1712	2428	Unicorn-59095.exe	43
PID 2428 wrote to memory of 1712	2428	Unicorn-59095.exe	43
PID 2428 wrote to memory of 1712	2428	Unicorn-59095.exe	43
PID 2428 wrote to memory of 1712	2428	Unicorn-59095.exe	43
PID 2488 wrote to memory of 3008	2488	Unicorn-5172.exe	44
PID 2488 wrote to memory of 3008	2488	Unicorn-5172.exe	44
PID 2488 wrote to memory of 3008	2488	Unicorn-5172.exe	44
PID 2488 wrote to memory of 3008	2488	Unicorn-5172.exe	44
PID 2116 wrote to memory of 1540	2116	Unicorn-44020.exe	45
PID 2116 wrote to memory of 1540	2116	Unicorn-44020.exe	45
PID 2116 wrote to memory of 1540	2116	Unicorn-44020.exe	45
PID 2116 wrote to memory of 1540	2116	Unicorn-44020.exe	45
PID 2676 wrote to memory of 2076	2676	Unicorn-53470.exe	46
PID 2676 wrote to memory of 2076	2676	Unicorn-53470.exe	46
PID 2676 wrote to memory of 2076	2676	Unicorn-53470.exe	46
PID 2676 wrote to memory of 2076	2676	Unicorn-53470.exe	46

C:\Users\Admin\AppData\Local\Temp\1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe
"C:\Users\Admin\AppData\Local\Temp\1c9be8bb8b7cfa7e0ca328b467e1dcea4e0951187a29501e11c224d6e41d6cf6N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44020.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44020.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-102.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
        8⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45162.exe
        9⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        9⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
        8⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        7⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56389.exe
        8⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
        8⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        7⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55411.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
        7⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        7⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47719.exe
        6⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        7⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33660.exe
        6⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
        6⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13651.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe
        8⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8851.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        7⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
        7⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23594.exe
        6⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        7⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        7⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58116.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
        6⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50604.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28058.exe
        6⤵
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        6⤵
        
        PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30315.exe
        5⤵
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5508.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        5⤵
        
        PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13760.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17840.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15338.exe
        7⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57920.exe
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64094.exe
        7⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38560.exe
        7⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
        7⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        6⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        7⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
        7⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58116.exe
        6⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
        6⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8088.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-289.exe
        6⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        7⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        7⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
        6⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
        6⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        6⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5041.exe
        5⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        6⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14717.exe
        6⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        6⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        5⤵
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44403.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60919.exe
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
        5⤵
        
        PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32038.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        6⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        6⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31134.exe
        5⤵
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
        5⤵
        
        PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        5⤵
        
        PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        5⤵
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        5⤵
        
        PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
      4⤵
      PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39090.exe
      4⤵
      PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41835.exe
      4⤵
      PID:4488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59095.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56651.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34176.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22307.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
        7⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38560.exe
        7⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe
        7⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
        6⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        7⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39155.exe
        7⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20539.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29773.exe
        6⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55411.exe
        6⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17651.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
        7⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        7⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58719.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
        6⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        6⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        5⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe
        6⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28273.exe
        6⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43509.exe
        5⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
        5⤵
        
        PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48374.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
        6⤵
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29383.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14797.exe
        6⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
        6⤵
        
        PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        5⤵
        
        PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        5⤵
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14331.exe
        5⤵
        
        PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5295.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43927.exe
        5⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
        6⤵
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12497.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        6⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32094.exe
        5⤵
        
        PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        5⤵
        
        PID:648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        5⤵
        
        PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62712.exe
      4⤵
      PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe
      4⤵
      PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
      4⤵
      PID:5236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49853.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
        5⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        6⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        7⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe
        6⤵
        
        PID:988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28751.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1267.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
        5⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
        6⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29383.exe
        6⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
        6⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38867.exe
        5⤵
        
        PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        5⤵
        
        PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14310.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        5⤵
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42307.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26395.exe
      4⤵
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        5⤵
        
        PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
      4⤵
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44354.exe
      4⤵
      PID:3920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26925.exe
        6⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50359.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
      4⤵
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
        5⤵
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
        5⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-99.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-99.exe
        5⤵
        
        PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29773.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
      4⤵
      PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9293.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32526.exe
      4⤵
      PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48329.exe
      4⤵
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe
      4⤵
      PID:3900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
    3⤵
    PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
    3⤵
    PID:2136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
    3⤵
    PID:4132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38591.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38591.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
        7⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43598.exe
        8⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50359.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53265.exe
        7⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        6⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        7⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47593.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        6⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        6⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41213.exe
        6⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe
        7⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
        7⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
        6⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
        5⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
        6⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9799.exe
        6⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        5⤵
        
        PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54876.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        7⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
        6⤵
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        6⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        6⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
        5⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        6⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22394.exe
        5⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
        5⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe
        5⤵
        
        PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        5⤵
        
        PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37776.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
        5⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        6⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55914.exe
        5⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27189.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        5⤵
        
        PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62930.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        5⤵
        
        PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
        5⤵
        
        PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe
      4⤵
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
      4⤵
      PID:4580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37688.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9204.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4181.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
        7⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17602.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        7⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        6⤵
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        6⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48011.exe
        6⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21578.exe
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
        7⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        6⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11730.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32410.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
      4⤵
      Executes dropped EXE
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
        5⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe
        6⤵
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        6⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        5⤵
        
        PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39966.exe
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
        5⤵
        
        PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14963.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        5⤵
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        5⤵
        
        PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
      4⤵
      PID:560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44403.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60919.exe
      4⤵
      PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
      4⤵
      PID:6104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38753.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
        5⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        6⤵
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
        6⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        6⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58116.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30047.exe
        5⤵
        
        PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe
        5⤵
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        5⤵
        
        PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2550.exe
      4⤵
      PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
      4⤵
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41503.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
      4⤵
      PID:1336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
      4⤵
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
      4⤵
      PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
      4⤵
      PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57254.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
    3⤵
    PID:4516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57003.exe
    3⤵
    PID:5248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40315.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63195.exe
        6⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        7⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64094.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38560.exe
        6⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
        6⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        5⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17651.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        6⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        5⤵
        
        PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37252.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        5⤵
        
        PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28751.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        5⤵
        
        PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
      4⤵
      PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
      4⤵
      PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38560.exe
      4⤵
      PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
      4⤵
      PID:5024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64430.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20016.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
        5⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16552.exe
      4⤵
      PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
      4⤵
      PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
      4⤵
      PID:5212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
      4⤵
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17651.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57230.exe
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        5⤵
        
        PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
      4⤵
      PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
      4⤵
      PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
      4⤵
      PID:4708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe
      4⤵
      PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53546.exe
      4⤵
      PID:5696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
    3⤵
    PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe
    3⤵
    PID:3416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
    3⤵
    PID:4456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41529.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41529.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56651.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
      4⤵
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
        5⤵
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29383.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        5⤵
        
        PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19187.exe
      4⤵
      PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14173.exe
      4⤵
      PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38560.exe
      4⤵
      PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe
      4⤵
      PID:5228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27138.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9199.exe
      4⤵
      PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
      4⤵
      PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
      4⤵
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54096.exe
      4⤵
      PID:5220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13951.exe
    3⤵
    PID:1056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
    3⤵
    PID:3888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
    3⤵
    PID:4552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
    3⤵
    PID:5072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42152.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42152.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10486.exe
      4⤵
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
        5⤵
        
        PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
      4⤵
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
      4⤵
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
      4⤵
      PID:4720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21347.exe
    3⤵
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21578.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
      4⤵
      PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
      4⤵
      PID:4996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58116.exe
    3⤵
    PID:3220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36104.exe
    3⤵
    PID:4112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
    3⤵
    PID:4808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
    3⤵
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
      4⤵
      PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
      4⤵
      PID:5412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50359.exe
    3⤵
    PID:3572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
    3⤵
    PID:4204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8500.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8500.exe
  2⤵
  PID:780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37329.exe
    3⤵
    PID:4384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
    3⤵
    PID:4800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
  2⤵
  PID:3612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60308.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60308.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40700.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40700.exe
  2⤵
  PID:4772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11730.exe

Filesize
468KB

MD5
f2b078d4e62a61760882d2f033a4ceb7

SHA1
8576a4c618a4999b3895db8641957cc918773ac6

SHA256
db5739d633f0ede9667d7d1f7b25616361a47cbf3a4d2eb18c2a5ec866e5b256

SHA512
bddf31a5b6eb218827f3690f4cff190d5860bfd64da227818fa099e5c98ce28400145f29f5742ebe4e70a64ca33ffc4490112027bcd7c5dba815feb742328665

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54876.exe

Filesize
468KB

MD5
8aadf3e6a8496153a4a5697ac31dff7e

SHA1
887d751f7c3819613163791a26fa156f23714374

SHA256
ffe042068daa4d0c03616bb48f27c2ae6626f48e115b35ddc50ee216900fecd1

SHA512
793c76144811db2968a227f37b2974640e76843e80182746bc45cb22e0807a8bcb339bbbfebab5dc000a742b2a71eea044f98f4a8ff323f4f407b3eeb9d5832a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe

Filesize
468KB

MD5
7d5ac1ffa8140217bde1aec74b92f068

SHA1
9c90b6cf969991558f0ed6d6bfaf2958c24c5ae6

SHA256
e3bef187134c959b10ee55c42a3bf5ba2da5158363e0a5ff26235c67d412231d

SHA512
c4a2d2dc0e77d619d019df406c5bfc332b5acd75a22bbe35733c114db76b4b9996794945c1f40bc1fd17c9249ef1e56424e35cb506b8e9362fd041043b568423

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59095.exe

Filesize
468KB

MD5
d57ec97e8a3d82fc675e65b2ed6fca5a

SHA1
c5e7ff696cd3128e8af620545483dd09ac645672

SHA256
ecf5d227aeb60700f540a52b29549232f704ebe484bed91684bd5ad3b3ebc421

SHA512
eaf31ce02e450d674eafa4bb3d61c51ba5088c76160157da99fc11e01570eea45a7e7da45c064a933e9c05feefb48b189e3ca014de977e9b7edad285a7b081e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9204.exe

Filesize
468KB

MD5
07548253b518f5f0d0d0a174155cf1c2

SHA1
e5d08bf606d189fa88bd6a23294c36d095f98966

SHA256
9c427ea210f4934773f7d65cbcd4596c39d4645c3c13240f054a92ef8bbf0a61

SHA512
08fabaea34d72804bffcb3f287bb24e2f7859c751d77bc14b4e29d6aa2a4d77f4c178706a54e20430901764426c27416b21d1838c2f9917e9af45bc737e85ef4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-102.exe

Filesize
468KB

MD5
ea05e29633739b2b9dc702f51ef1309a

SHA1
d935c8f820121d652424a77350057c75a1a05f96

SHA256
efb4168dd03ffbb64a21388edc86ec9f268066f723829fc620471f19f8b29f45

SHA512
3fb75d266a7b4b300816631e4bd2dcde86e7bb38ecab381bd75308419aef0a1665ca96059e73252aeb984136474a9fc7e94bc8c5b50e967ab637c2ecf01819a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13760.exe

Filesize
468KB

MD5
1ad7f9e55f4e4cefc5fd12b13764d42d

SHA1
33b2b24c47f4352f389d1473c4af23f965483a6e

SHA256
19df4f5d0c8dcba66eeddc0b5531fa483f8677eb8f0f19c6d7b7f21fd5966bc9

SHA512
dd06cba650321a9fed8c1f13ce8aca19ecb065866ea3788fa2871534a02ee50f9221dffe4d9adff81d6c38bc7173a912eecac389976ac1ad1e2723a211e0df56

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe

Filesize
468KB

MD5
6f34d3cbdf8200ae2826a9f269c339eb

SHA1
ce7065be6b199b424cf9faf493653d442a5d746d

SHA256
71f97805387f1dccb4e7c33f1a99a039b08c90aa35ddab4d09075a356a705bbf

SHA512
83fe5653af961f5eabc6b964b6326feb22cc65fc8d854d78e69b05f5f47c32a3eaed42567d419907db57e9f10a11240d1fa5302093bf1a6c2376bf50f81345c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe

Filesize
468KB

MD5
7409efa9025de55b9747335f717e0585

SHA1
0f43c5da07e2972c4c314106335309c743277f3e

SHA256
3e2b011eea57e13fe656f856007b86d306375864e14b99647f86cdf678a53c45

SHA512
61c5caac5eed2b5687cddba1c74591368b6b000efc4be6a4850ba8af73c10d2667dbbaa27366b60957c2bfacea23f3fda24a41b0fff535fa8a20927dc1750866

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37688.exe

Filesize
468KB

MD5
447bfb6bfce58c4f6481d17b6bcdfc21

SHA1
f5bb316eb931744351fbaf73a06611dd1aa3337a

SHA256
1af42a6750784808c142b74e12917340f47943d584be48996f2b9d41ddc2fb24

SHA512
ef53f306d54e2453ce195a345d684554ecdada81f1c5c1fe2d0a5b1ac803aceb4eb3fa79503fbc3e202b202ffdf0a249a064ce7d43df7194e1a2b9b7f48cdbc2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38591.exe

Filesize
468KB

MD5
018694364e417fbed074848340eb94b4

SHA1
781223f61d3612222882c786553c876c064fc1f8

SHA256
68ffbd37a7a85459c5114f60ad9660ceb4d33e3646dd67555fae1bebb62d1230

SHA512
9eafffa36dcc20a82708d037b29eb9881134184a0652918cf7d122df0abcce7a6069da00f946ae649023b9996e26a37d0f6e94208c731df2913e204f5a93e7bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41529.exe

Filesize
468KB

MD5
a08ed74a93ee8459af74fbc698de8956

SHA1
083c6c2719e0027372d03ab3e0a2b72ed1bdb6f8

SHA256
053bc48eed994ff6dd222e58c31776da5e551fb3f18da07604a6a18e6b54319d

SHA512
12363e626d769f3c464be3282818ea497765c93f6bf7865fff8c477f84208adc3fff31503b4374e5a44514016f589113ffd76e5307cb46a77587efad778669e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe

Filesize
468KB

MD5
f9fcefa4217276f803c28b0ac5456156

SHA1
809c7a8a8f3eedf290b0c700d14f2fa8dc71be03

SHA256
cf4cd29887fe3cb40be6fe9b1d873ff78c276c71e11e22615af0ebf1c10976e9

SHA512
99df693d42fe283692530f81684fdd6e2bbb27c90063cb14a4c3ec7cfe1f404e57c03a61ddca9a45736f7ecc418c642c25f73f770ad937dd3e44aba8a64ad376

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44020.exe

Filesize
468KB

MD5
a0f664a7ff7126aa4415e817be285a5f

SHA1
7869211944aafa05a470341a67eb708fb9fbb233

SHA256
5cb9c166706700cc83afd48110cf9f80ccc7b80164dbdeaefe8ef3caedd5c243

SHA512
ee2e2dacd9449ae81d96d5c26b9770c428690e73a06298439773e4ee3dff0fa74624d316076da4c425743c44ca699341a6590fc1ae8908fd6dd7e8badabe9701

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe

Filesize
468KB

MD5
728d08fffe72324d920e433a594cf799

SHA1
02ecc5c4be5ec8b42d5cc24b37e6951110aeacce

SHA256
947f73b1f881b731467664ead9e83f146df8d7b716ef4c14d3c7bad7bc0e82cc

SHA512
2d537d7bcdbc40303f28b8d2ddfd57cdefa65d626d10b1e9c6ba87f4bc041b24e876a94d98c5ba91b8d6a4811a93e39f4d286dce2981db141f7b4640bedbd164

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe

Filesize
468KB

MD5
c383f875c77c878c71ebd66420f37f0a

SHA1
5ab4b6de8c6de1a9ffddfd384ef0da16ff4e2c37

SHA256
3e90791e8fae8c631092e4030980d724f49f95a750c4282b5634945b5bd9d2ab

SHA512
2a7385d43369e78006ecfe61bac114d57a913c633b484e797495ecfb9e74bb612bb5a62a1692501d672d93a2731bd601306036aa9a9c4efb02b9065a05663aa7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe

Filesize
468KB

MD5
596ed30e3f356ee2d6d65afd8961c780

SHA1
21e8b7e914c4f7af9cbd9ee21686e231a72efb7c

SHA256
09b1e248bb631e50931ccd9d3944209c1ee352fca63ab895e237caa0073f48a6

SHA512
4169980c3b48dc6ab0dbe6e858db9133376979f25dd898edc948d6c96012d0bc7378c76eddfa7bc80e6e1ec55fbec627f1e2f87845608235162bd5313c9dad19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe

Filesize
468KB

MD5
87bdd20844d875f6449ee503d74c7594

SHA1
6890d9e73b1d68c9c204f243af75fc421b9d3445

SHA256
c402d98daea9924de9101dc1f5db2af8a35889fcb5eebc0b97a7abb276bdf19f

SHA512
6c636388187a512a0ddf9bea29db122458eda5ef9cdc223aa765eb5096f10f21df518590a4c99a7f2395ccc215dd0055d4676f7b7330853d13a249e0732aa207

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe

Filesize
468KB

MD5
0e528a476f2142f0edbcde0f7fd0301b

SHA1
b35b100cc6edd42af5d352c24be7208f8f7f0ca7

SHA256
d203c6d5f4b62d924b8c2c9a3e62c7b571391b55c3b00d685ecb5e2c0a30b6f7

SHA512
7dea388be6a38bc2947fec0762fc3fb541d0247af53476ee61990c7a8bd723fe2d326b63aaa356c9fb4943e66d63ad3e6722e2264cc0b034ec5713c7ef295e25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe

Filesize
468KB

MD5
fca8ae60a481a72855069105a053ac93

SHA1
d4ffec2bae79eacd11dd0490adbc8e76c543e66d

SHA256
715df057eb3b40efed3b2574ed47d621cb6933786dbf11332370d3458b438014

SHA512
fa673b02b6694abd543b912f7cce3b072d1127d35858ca3d83436fb8ad5a9c9d496a5fd1a47d2f019e3339c92e9e1f5244983820e7120cb2abd195106fa238ab

Download Submit