a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 22:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe
Size

468KB
MD5

2fa7ed2ec52c3a4d746a2d9852ee43d0
SHA1

2ed0c58281e5c27c7a5481d13f548ed38ada8370
SHA256

a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8
SHA512

c8d83c606d533985338939d8aec01b248442c106e59a3dd2532f4e50dcba50594674e86bae3ee8135d79e14a11f8de26e1fe8283df274ef0cf91ccd6aa042880
SSDEEP

3072:3GoWoEXvt05RDbYcH5uwvf8/uCyrP0pknLHewVZmCPheRP6j3mlU:3GZoQ8RDPHQwvf1YlzCP4d6j3

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2824	Unicorn-39403.exe
2768	Unicorn-47654.exe
2860	Unicorn-50347.exe
1160	Unicorn-58583.exe
2868	Unicorn-58583.exe
2132	Unicorn-22381.exe
2956	Unicorn-40201.exe
824	Unicorn-36.exe
2820	Unicorn-56014.exe
2364	Unicorn-49237.exe
1652	Unicorn-44338.exe
3040	Unicorn-51951.exe
3008	Unicorn-21225.exe
2904	Unicorn-4623.exe
2172	Unicorn-64295.exe
1320	Unicorn-59626.exe
584	Unicorn-38390.exe
2508	Unicorn-5355.exe
2500	Unicorn-17608.exe
1612	Unicorn-19554.exe
1920	Unicorn-48889.exe
948	Unicorn-19288.exe
2496	Unicorn-10623.exe
2128	Unicorn-21692.exe
1992	Unicorn-24192.exe
2952	Unicorn-35890.exe
1524	Unicorn-27621.exe
2268	Unicorn-60394.exe
1080	Unicorn-48718.exe
524	Unicorn-14462.exe
2532	Unicorn-28197.exe
1640	Unicorn-2916.exe
1620	Unicorn-3471.exe
2572	Unicorn-41811.exe
2964	Unicorn-10984.exe
2332	Unicorn-23721.exe
2780	Unicorn-53056.exe
2852	Unicorn-40633.exe
2948	Unicorn-30881.exe
1608	Unicorn-56777.exe
2680	Unicorn-43709.exe
2648	Unicorn-63575.exe
2704	Unicorn-19205.exe
1452	Unicorn-4068.exe
2616	Unicorn-34795.exe
2620	Unicorn-47602.exe
2356	Unicorn-31394.exe
3052	Unicorn-56860.exe
2392	Unicorn-56860.exe
2992	Unicorn-34201.exe
3064	Unicorn-34009.exe
2224	Unicorn-40140.exe
2708	Unicorn-40140.exe
2988	Unicorn-56482.exe
1028	Unicorn-32639.exe
320	Unicorn-22242.exe
2512	Unicorn-43408.exe
2428	Unicorn-3767.exe
960	Unicorn-38578.exe
2228	Unicorn-50132.exe
2188	Unicorn-50952.exe
2540	Unicorn-5280.exe
1020	Unicorn-4657.exe
540	Unicorn-63417.exe

Loads dropped DLL 64 IoCs

pid	Process
1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe
1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe
2824	Unicorn-39403.exe
1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe
2824	Unicorn-39403.exe
1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe
2860	Unicorn-50347.exe
2768	Unicorn-47654.exe
2824	Unicorn-39403.exe
2860	Unicorn-50347.exe
2768	Unicorn-47654.exe
2824	Unicorn-39403.exe
1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe
1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe
1160	Unicorn-58583.exe
1160	Unicorn-58583.exe
2860	Unicorn-50347.exe
2860	Unicorn-50347.exe
2868	Unicorn-58583.exe
2868	Unicorn-58583.exe
2768	Unicorn-47654.exe
2132	Unicorn-22381.exe
2768	Unicorn-47654.exe
2956	Unicorn-40201.exe
2956	Unicorn-40201.exe
1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe
2824	Unicorn-39403.exe
2132	Unicorn-22381.exe
1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe
2824	Unicorn-39403.exe
824	Unicorn-36.exe
824	Unicorn-36.exe
1160	Unicorn-58583.exe
1160	Unicorn-58583.exe
2904	Unicorn-4623.exe
2172	Unicorn-64295.exe
2904	Unicorn-4623.exe
2172	Unicorn-64295.exe
2364	Unicorn-49237.exe
2364	Unicorn-49237.exe
2824	Unicorn-39403.exe
2824	Unicorn-39403.exe
2868	Unicorn-58583.exe
2868	Unicorn-58583.exe
1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe
3008	Unicorn-21225.exe
1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe
3008	Unicorn-21225.exe
2132	Unicorn-22381.exe
2132	Unicorn-22381.exe
2820	Unicorn-56014.exe
2820	Unicorn-56014.exe
2860	Unicorn-50347.exe
2860	Unicorn-50347.exe
1652	Unicorn-44338.exe
1652	Unicorn-44338.exe
3040	Unicorn-51951.exe
3040	Unicorn-51951.exe
2956	Unicorn-40201.exe
2768	Unicorn-47654.exe
2956	Unicorn-40201.exe
2768	Unicorn-47654.exe
1320	Unicorn-59626.exe
1320	Unicorn-59626.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44029.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24693.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41518.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61974.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe
2824	Unicorn-39403.exe
2768	Unicorn-47654.exe
2860	Unicorn-50347.exe
2868	Unicorn-58583.exe
1160	Unicorn-58583.exe
2132	Unicorn-22381.exe
2956	Unicorn-40201.exe
824	Unicorn-36.exe
2364	Unicorn-49237.exe
1652	Unicorn-44338.exe
2820	Unicorn-56014.exe
2172	Unicorn-64295.exe
3008	Unicorn-21225.exe
2904	Unicorn-4623.exe
3040	Unicorn-51951.exe
1320	Unicorn-59626.exe
584	Unicorn-38390.exe
2508	Unicorn-5355.exe
2496	Unicorn-10623.exe
1612	Unicorn-19554.exe
2500	Unicorn-17608.exe
948	Unicorn-19288.exe
1920	Unicorn-48889.exe
2128	Unicorn-21692.exe
1992	Unicorn-24192.exe
2952	Unicorn-35890.exe
1524	Unicorn-27621.exe
2268	Unicorn-60394.exe
1080	Unicorn-48718.exe
2532	Unicorn-28197.exe
524	Unicorn-14462.exe
1640	Unicorn-2916.exe
2572	Unicorn-41811.exe
1620	Unicorn-3471.exe
2964	Unicorn-10984.exe
2332	Unicorn-23721.exe
2780	Unicorn-53056.exe
2852	Unicorn-40633.exe
2948	Unicorn-30881.exe
1608	Unicorn-56777.exe
2680	Unicorn-43709.exe
2648	Unicorn-63575.exe
2704	Unicorn-19205.exe
1452	Unicorn-4068.exe
2620	Unicorn-47602.exe
2616	Unicorn-34795.exe
2356	Unicorn-31394.exe
2392	Unicorn-56860.exe
3052	Unicorn-56860.exe
2992	Unicorn-34201.exe
2224	Unicorn-40140.exe
3064	Unicorn-34009.exe
2708	Unicorn-40140.exe
1028	Unicorn-32639.exe
320	Unicorn-22242.exe
2988	Unicorn-56482.exe
2512	Unicorn-43408.exe
2428	Unicorn-3767.exe
960	Unicorn-38578.exe
2228	Unicorn-50132.exe
2188	Unicorn-50952.exe
2540	Unicorn-5280.exe
1020	Unicorn-4657.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2824	1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe	29
PID 1656 wrote to memory of 2824	1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe	29
PID 1656 wrote to memory of 2824	1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe	29
PID 1656 wrote to memory of 2824	1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe	29
PID 2824 wrote to memory of 2768	2824	Unicorn-39403.exe	30
PID 2824 wrote to memory of 2768	2824	Unicorn-39403.exe	30
PID 2824 wrote to memory of 2768	2824	Unicorn-39403.exe	30
PID 2824 wrote to memory of 2768	2824	Unicorn-39403.exe	30
PID 1656 wrote to memory of 2860	1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe	31
PID 1656 wrote to memory of 2860	1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe	31
PID 1656 wrote to memory of 2860	1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe	31
PID 1656 wrote to memory of 2860	1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe	31
PID 2860 wrote to memory of 1160	2860	Unicorn-50347.exe	32
PID 2860 wrote to memory of 1160	2860	Unicorn-50347.exe	32
PID 2860 wrote to memory of 1160	2860	Unicorn-50347.exe	32
PID 2860 wrote to memory of 1160	2860	Unicorn-50347.exe	32
PID 2768 wrote to memory of 2868	2768	Unicorn-47654.exe	33
PID 2768 wrote to memory of 2868	2768	Unicorn-47654.exe	33
PID 2768 wrote to memory of 2868	2768	Unicorn-47654.exe	33
PID 2768 wrote to memory of 2868	2768	Unicorn-47654.exe	33
PID 2824 wrote to memory of 2132	2824	Unicorn-39403.exe	34
PID 2824 wrote to memory of 2132	2824	Unicorn-39403.exe	34
PID 2824 wrote to memory of 2132	2824	Unicorn-39403.exe	34
PID 2824 wrote to memory of 2132	2824	Unicorn-39403.exe	34
PID 1656 wrote to memory of 2956	1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe	35
PID 1656 wrote to memory of 2956	1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe	35
PID 1656 wrote to memory of 2956	1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe	35
PID 1656 wrote to memory of 2956	1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe	35
PID 1160 wrote to memory of 824	1160	Unicorn-58583.exe	36
PID 1160 wrote to memory of 824	1160	Unicorn-58583.exe	36
PID 1160 wrote to memory of 824	1160	Unicorn-58583.exe	36
PID 1160 wrote to memory of 824	1160	Unicorn-58583.exe	36
PID 2860 wrote to memory of 2820	2860	Unicorn-50347.exe	37
PID 2860 wrote to memory of 2820	2860	Unicorn-50347.exe	37
PID 2860 wrote to memory of 2820	2860	Unicorn-50347.exe	37
PID 2860 wrote to memory of 2820	2860	Unicorn-50347.exe	37
PID 2868 wrote to memory of 2364	2868	Unicorn-58583.exe	38
PID 2868 wrote to memory of 2364	2868	Unicorn-58583.exe	38
PID 2868 wrote to memory of 2364	2868	Unicorn-58583.exe	38
PID 2868 wrote to memory of 2364	2868	Unicorn-58583.exe	38
PID 2768 wrote to memory of 1652	2768	Unicorn-47654.exe	39
PID 2768 wrote to memory of 1652	2768	Unicorn-47654.exe	39
PID 2768 wrote to memory of 1652	2768	Unicorn-47654.exe	39
PID 2768 wrote to memory of 1652	2768	Unicorn-47654.exe	39
PID 2956 wrote to memory of 3040	2956	Unicorn-40201.exe	41
PID 2956 wrote to memory of 3040	2956	Unicorn-40201.exe	41
PID 2956 wrote to memory of 3040	2956	Unicorn-40201.exe	41
PID 2956 wrote to memory of 3040	2956	Unicorn-40201.exe	41
PID 2132 wrote to memory of 3008	2132	Unicorn-22381.exe	40
PID 2132 wrote to memory of 3008	2132	Unicorn-22381.exe	40
PID 2132 wrote to memory of 3008	2132	Unicorn-22381.exe	40
PID 2132 wrote to memory of 3008	2132	Unicorn-22381.exe	40
PID 1656 wrote to memory of 2904	1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe	42
PID 1656 wrote to memory of 2904	1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe	42
PID 1656 wrote to memory of 2904	1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe	42
PID 1656 wrote to memory of 2904	1656	a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe	42
PID 2824 wrote to memory of 2172	2824	Unicorn-39403.exe	43
PID 2824 wrote to memory of 2172	2824	Unicorn-39403.exe	43
PID 2824 wrote to memory of 2172	2824	Unicorn-39403.exe	43
PID 2824 wrote to memory of 2172	2824	Unicorn-39403.exe	43
PID 824 wrote to memory of 1320	824	Unicorn-36.exe	44
PID 824 wrote to memory of 1320	824	Unicorn-36.exe	44
PID 824 wrote to memory of 1320	824	Unicorn-36.exe	44
PID 824 wrote to memory of 1320	824	Unicorn-36.exe	44

C:\Users\Admin\AppData\Local\Temp\a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe
"C:\Users\Admin\AppData\Local\Temp\a6a1e1e2f604e0f45dd4c8a0fe47e4eaf6d5ad3d3fef72025b55d2c3624ab9f8N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47654.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49237.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3767.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33708.exe
        9⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        9⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        9⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
        9⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        9⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31247.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41759.exe
        8⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        8⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
        7⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24933.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        7⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        7⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30881.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15192.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33857.exe
        7⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        6⤵
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2536.exe
        6⤵
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
        6⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        6⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52845.exe
        6⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58295.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        6⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34201.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
        6⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        6⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
        6⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47050.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24693.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        5⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44835.exe
        5⤵
        
        PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8149.exe
        5⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        5⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        5⤵
        
        PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe
        7⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44029.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        6⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        6⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        6⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        5⤵
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5127.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39532.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38578.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        5⤵
        
        PID:808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe
        5⤵
        
        PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34430.exe
        5⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54222.exe
        5⤵
        
        PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7071.exe
      4⤵
      PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe
      4⤵
      PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10970.exe
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
      4⤵
      PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22381.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        7⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39109.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40636.exe
        7⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47783.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59312.exe
        7⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        6⤵
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        6⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
        6⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56289.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20228.exe
        6⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19205.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
        6⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39109.exe
        6⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        6⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        5⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        5⤵
        
        PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        5⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20228.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24192.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        5⤵
        
        PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        5⤵
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58295.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
        5⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        5⤵
        
        PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32639.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
        5⤵
        
        PID:328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1938.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
      4⤵
      PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
      4⤵
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56894.exe
      4⤵
      PID:4164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exe
        5⤵
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
        5⤵
        
        PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7262.exe
      4⤵
      PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49773.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
      4⤵
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
      4⤵
      PID:4608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19288.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2815.exe
        5⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39301.exe
        5⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11781.exe
        5⤵
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
        5⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
      4⤵
      PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
      4⤵
      PID:656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
      4⤵
      PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26127.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
      4⤵
      PID:4456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18000.exe
      4⤵
      PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
      4⤵
      PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
      4⤵
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
      4⤵
      PID:4844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48340.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
    3⤵
    PID:1628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
    3⤵
    PID:3416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12049.exe
    3⤵
    PID:3736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
    3⤵
    PID:4212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59626.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2916.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43453.exe
        8⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        7⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49721.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17981.exe
        7⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45222.exe
        6⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10583.exe
        6⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
        6⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8269.exe
        6⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        6⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28744.exe
        6⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23819.exe
        6⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55232.exe
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8736.exe
        6⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47278.exe
        6⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34430.exe
        6⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
        5⤵
        
        PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        5⤵
        
        PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38390.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22242.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5336.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61974.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17981.exe
        7⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34375.exe
        6⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        6⤵
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20228.exe
        6⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe
        6⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9871.exe
        5⤵
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7755.exe
        5⤵
        
        PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19345.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44379.exe
        5⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10984.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
        5⤵
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        5⤵
        
        PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22286.exe
      4⤵
      PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
      4⤵
      PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
      4⤵
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
      4⤵
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
      4⤵
      PID:4184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56014.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4068.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        6⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        6⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12701.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34430.exe
        6⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
        5⤵
        
        PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        5⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43454.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16183.exe
        5⤵
        
        PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
        5⤵
        
        PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
      4⤵
      PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58710.exe
      4⤵
      PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12475.exe
      4⤵
      PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6232.exe
      4⤵
      PID:4676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
      4⤵
      PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14221.exe
      4⤵
      PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
      4⤵
      PID:4428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54046.exe
    3⤵
    PID:2960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54885.exe
    3⤵
    PID:3788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
    3⤵
    PID:4788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
    3⤵
    PID:4896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63417.exe
        5⤵
        Executes dropped EXE
        
        PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
        5⤵
        
        PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-373.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe
        5⤵
        
        PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45005.exe
      4⤵
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
        5⤵
        
        PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        5⤵
        
        PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30919.exe
      4⤵
      PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
      4⤵
      PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
      4⤵
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
      4⤵
      PID:4436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe
        5⤵
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
        5⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        5⤵
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22446.exe
        5⤵
        
        PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
      4⤵
      PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
      4⤵
      PID:4192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34009.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61466.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
      4⤵
      PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
      4⤵
      PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
      4⤵
      PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11268.exe
    3⤵
    PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
    3⤵
    PID:2360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
    3⤵
    PID:1492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe
    3⤵
    PID:4876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4623.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4623.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64870.exe
        5⤵
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3692.exe
        6⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61777.exe
        6⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        6⤵
        
        PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2685.exe
        5⤵
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        5⤵
        
        PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33599.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13899.exe
        5⤵
        
        PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
      4⤵
      PID:368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
      4⤵
      PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
      4⤵
      PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
      4⤵
      PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20228.exe
      4⤵
      PID:4604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
      4⤵
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        5⤵
        
        PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26966.exe
        5⤵
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
        5⤵
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39615.exe
        5⤵
        
        PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        5⤵
        
        PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47723.exe
      4⤵
      PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exe
      4⤵
      PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24933.exe
      4⤵
      PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9418.exe
      4⤵
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
      4⤵
      PID:4732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
      4⤵
      PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64835.exe
      4⤵
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30562.exe
      4⤵
      PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19200.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
    3⤵
    PID:2036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
    3⤵
    PID:3368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
    3⤵
    PID:944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29423.exe
    3⤵
    PID:4092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3941.exe
      4⤵
      PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
      4⤵
      PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
      4⤵
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56448.exe
      4⤵
      PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
      4⤵
      PID:4936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
    3⤵
    PID:1768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11201.exe
    3⤵
    PID:1084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49630.exe
    3⤵
    PID:3472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
    3⤵
    PID:4772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31394.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31394.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
    3⤵
    PID:1308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
    3⤵
    PID:1692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
    3⤵
    PID:3384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
    3⤵
    PID:3220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
    3⤵
    PID:4360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28479.exe
    3⤵
    PID:4180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
  2⤵
  PID:2724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
  2⤵
  PID:2884
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63886.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63886.exe
  2⤵
  PID:3504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16249.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16249.exe
  2⤵
  PID:1624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
  2⤵
  PID:3864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38694.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38694.exe
  2⤵
  PID:4248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22381.exe

Filesize
468KB

MD5
d24e42471d2f63cf25a6cb1b4086cc12

SHA1
c06a1cae6dc36d5610e6a8d732614ea56ec18bd3

SHA256
0d5e4f65fede69b3e8f4f12c3d7ac032a8887bdb8d4f394c66fd84aaed8c6ff3

SHA512
f29f9b397ca1d1537a5b805caaa85d49bec1e0e19738f1c151171b5adeffc5e86a7d9a15e0f66283a9b47372d0b0c1bdb02784601a719e1eb950e0adc5d09b56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe

Filesize
468KB

MD5
32168b6c74691b52d7a1ee5d418d7704

SHA1
b0e275ff126b289d7debd590deb03f476ccebf3b

SHA256
3559d1a1e7da0bc2192457e8882abf034502d043c02382307ab04de7d3323c17

SHA512
cef68a095799cfc0de113163749480271415239bc24bce83f5ee74c4bd3731c2517ff28a8e75d467df205ef3dbca3776b7628b03ff995225c8c32f2993ad1f52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe

Filesize
468KB

MD5
6dd3e1a6027e8ffe02246ffd44481c2a

SHA1
964b5a12679d822fc3e3f336a67ccdd56034147b

SHA256
39df4bd3725eabd58eaa41b5895858715b4d29acb14b6a4cbf6be279097450f9

SHA512
a5383bb1f3f12abad966303ae336255deedb0ce193ad0d12b284ae2449e1a8221e695c9cc98c3858dc3e73c6c93d22c4365b8a08867abe74a8bb70b1ceac8edd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47783.exe

Filesize
468KB

MD5
4d8b906e6290031160abb253f136691a

SHA1
31152b29403e6d2678a6e3e1941fd1bf0bc1737f

SHA256
1a2bd94332e41931e240f19bfa0200747a9cad6fb51f7ae0cd2478a7224a35fa

SHA512
a2971590a5a1fea9b406795bce37addc96ecb619a483ab1f76724346228c4f24d5c2fac5d37e58205f1dbfdf3a69502ddbe8db8c168ef1f54c74f26f57e9a63f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe

Filesize
468KB

MD5
2f40265e40f2ad8fecdf4b31b4e73f18

SHA1
05ed8579636ddcc6a41c50d32877ec5e0156e639

SHA256
382a99bef3b688caa3f6ec98e98c3d43b9001fb89f733cb4e412aa39024c43b4

SHA512
d10b7e9fb6a5a309925984272224b564a846ac81e09b75b6e89810625f085926ea7db0ffe942eabb8d26aba42cbe0b0cbe1979449340ba0a82f62ed712bf8f1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe

Filesize
468KB

MD5
cadf9fce3d818d13f6e71b1524ed175e

SHA1
e5bd34799ffa5abb17ae99e675de4cc27844e39f

SHA256
9f54fbf432ffd90727f67c7d83bf4737100c395de97fe0594d5ca29ef11f3907

SHA512
3444e865ed9ba77f0bf3cc8a7c008d27559ba4c73e83aed21c016a98acee8039a6585b802d6bec3bc18b1a081e84e5819006e9b0b67ecf1218a79219791bfc8f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe

Filesize
468KB

MD5
7d13db2a67fef892c7b424d7d87b0703

SHA1
c2f9165f5a49f39274bd3d988d34d074ebf6b22e

SHA256
b9ae7c251d5452e10d93494116871e3448cb78dd0194e0326967c629c4009dc5

SHA512
9c45c1806fe9895c9cc167e75785d78b44f77512ecf8cdd5b59c52ccb4ca84de1c4718bb83824ad19f9bd6c0bdd03085dd48addd583f7979cfcce15f7cee5ade

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe

Filesize
468KB

MD5
43c99a595bb76676ef8c64929dbed5e1

SHA1
52fc9ca4f44d995589929fc27e313a81f8ad1107

SHA256
ef1fa78e23c278849bf793b602c9618da270136b83ac0494a5c9b6fb81f5aefc

SHA512
9919d0e4632aca940b6d6f035a5d8145620d087ffe14623c6c9e029296ab3735f5a5b9a2361ceb49d076534594c92acce5dc0d0219bdb49ce372d16225895d8b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36.exe

Filesize
468KB

MD5
e3c24d763d101b67fae662e9ebf471d8

SHA1
25d13bdb9cb972e4d782e2a71792521b15514d7f

SHA256
fad75fb0ccdab62a3d0d1ddd9755ca05926fdfb1ba1a80b460b4db06b53347db

SHA512
8fdf608f7feb919d6e32ba5bd898ca778fdf5463a5a6efeb97d2ec48b6c731cf14b4311f8e1cfd1a17596b9ebf2df9e1d36e5a00778b4490378897ca5cce5822

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38390.exe

Filesize
468KB

MD5
a8f1c21bcb1151283988bd86119cc6bc

SHA1
4f97fab88867338a3b267d768d094c52449a5e51

SHA256
3b1e052926bc788015162b1a9e8df0d705eaa8dcda0bf833c10c90e03108ea9c

SHA512
403b533cc6dfa714a75736bba4c5d7301f00310c4363f69c4461243156ab8ee9856a5d63ad7505d749f161ec7f029e763f52f75ab5235ae4cc9676f8d558a366

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe

Filesize
468KB

MD5
aa369f612089a553e54ea011e49fdcad

SHA1
55ec60a86f732bf07d5cbd12d85c123fcbfc1663

SHA256
fa96ea4e6f289a5fe94531dd51765b16c9f927878d1268b9a01045d8cf87d9b3

SHA512
d30d76aee0cf1780643f5fc8dbd53b6d9e3dfbe7fce1944e537405a16d4c5372fedfdcceeb5fed2a0b0b626d1fda7d0d3cdb10e91bc2fb6fbe5d434c232b4cb4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4623.exe

Filesize
468KB

MD5
29566b8c1ba0e8e835908b2cfeb849d5

SHA1
73f5808a421d0081f5a30f6ca3a8860ec1d4a03c

SHA256
f5151c6bd6f5f2ce398e130b82126db3e553b1a33e750a1d59525535f71e35b0

SHA512
61500acda2143e20e5b5170c2407245d9db067decfe984655a56469c56e84510cb87d3fd44cab79c3c66599322aa6b13bc15bca13e4f6201c3b7bc726eb13f00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47654.exe

Filesize
468KB

MD5
22b94652dab4aba7aeff4149c04854f9

SHA1
8603e2736f176c7e25d6311d8f014ded6ffb1f73

SHA256
c4f1b7765b16bcb1b59b3e3452d31f6854de3f75f53ee30d3b4f94c15d903517

SHA512
8f6123a0a7bbe91e44eca581ea2430c39089927624fdc0d272536074051f403f53d538e000798d8bb69035ca4d55348edcb2789458a311c840dc51b42a2876e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49237.exe

Filesize
468KB

MD5
6813db1ac026506027dfcab7a48ce316

SHA1
4b4120aa55ce337ff656ee9f1c3f81f12720b1e3

SHA256
f2e80ccbb45f9379fd737256e053821ac11ff7936fe4401ded190a787c4c1e9a

SHA512
5b190beb32da7060073c537bdae3f64a1d108388934ac231d710b39ebc5cd638cc014ecc3e2636063dec2cea307aaf5b70dcf36112d749dec7d663e7afa7fc05

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe

Filesize
468KB

MD5
2af40ebe10572916768e7b1fae23fecc

SHA1
a09afc29abbc04ef258ddcc0b0ad8a185e64a41a

SHA256
b19c6fcdd6116e81bd3f12ced47b48d2d3433ac84b6bf096f6cf5a7f852bcc60

SHA512
d9ea3c1a2ffdc42d3f6f8fe9e51675a391a22337422d52222399429601a4158479380c172b25a5e1228752c40229fc2f2d699da31b6458725e3b872d7044141b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe

Filesize
468KB

MD5
68b6ba0f6ad8a87fc0af07956f409d5b

SHA1
2f44c36f0a69193f4b4eef0129b05cfe57faf97c

SHA256
758a0b2a55c04cddf6f29f3741f6b50a7acbf5b1c8f7290035ddf3a7d44690c6

SHA512
b9f0c2b6b7fc63e7ec161429ace56709c570e04fe507295289beb37e253ae1eddb2fc27552a3a293eae6ae96961c95194f81d3b0fb6fd2713fe2ead376b34d07

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe

Filesize
468KB

MD5
634ddd3ae381d9322dbb052116328f59

SHA1
db7518aea848cdd29739072ca3bd1b99dcb0e60b

SHA256
9f1fba85a1e470deffa0560bb6a59ae6d8fec11ba801b46d9b06d729f59336ea

SHA512
016c879e842cf8bdb967bcf9fa08c6c12563dc4d8bc8e55ce36f163e592cf0e597182f01b507dbb3965ec00d433050bc95de6a00df56857975c1e544ec9b3f23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56014.exe

Filesize
468KB

MD5
60201ca17edb7efe53928b672b2c8d75

SHA1
881745b0c72788a1eb741e50808f2dd8b94aa195

SHA256
4b1106bd027440078c7bf5c58033b173d900ef25d421977830bb027a1aa933ce

SHA512
02b5144187207b21a2c55b5fecb18b9781ac2cbefa8ba255b42298eee4f9e8b55135f76e4fe51ffd56d2e23e2acdccc64e98875038ce96cebb750d4f183ad93b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59626.exe

Filesize
468KB

MD5
a97480604270d01c80368de4b0b86735

SHA1
1df361b829ac06c3b89ec2bb1d966476d3899060

SHA256
5530cde06f1b9b75d6bff72bc9fd9fcae0eeca2a8532cf1aec3bc7c032acb238

SHA512
a7c7437a9448404b520a73ed4071d51279732589bc4c635e06c9876177103122aee72f50807748ce3a722d35a92283750ed9c5dd4e2746f232b66d87dad9df09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe

Filesize
468KB

MD5
0ea5713c712644e8e28cbf6efc43c2f3

SHA1
b63255d379146c53c4913684e92915c5ad121207

SHA256
50629777b81b46a9dfd7d663031633a4171f70d517eb14f9a94d9be30743029c

SHA512
25d15683480f61459d0e1e745480fbc16823498bbc83aa1d73a78d50a2a61d83a576ac9a2f95d327dea57a6506d5e68dbbb86fd84e620105c92fcace4d625658

Download Submit