dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7

Analysis

max time kernel
118s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 03:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe
Size

468KB
MD5

d8b503d774a8f02150b2b9a4d99981f0
SHA1

d3ee2d923467c887200dc43583130fadcd93a151
SHA256

dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7
SHA512

cd56d159bd6b9bbb26955890a3be491ccc2d51099ec31385ff14432f4dbf3c95973deca79c7d8fa117131aa9f04b696cf0a3198c5d8624628913501e7b213cb6
SSDEEP

3072:yKAXogIdjI5UtbYJP0Wjff8pEPEugYpgn1x+V5hgLK3lOeuaxla:yK4orIUtOPbjffOkIWgLIgeua

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2812	Unicorn-39448.exe
2948	Unicorn-31581.exe
2944	Unicorn-28544.exe
2788	Unicorn-17015.exe
2776	Unicorn-20222.exe
2700	Unicorn-62686.exe
3032	Unicorn-61813.exe
2972	Unicorn-42264.exe
2264	Unicorn-5678.exe
2648	Unicorn-10743.exe
2288	Unicorn-10743.exe
2896	Unicorn-27743.exe
2916	Unicorn-47344.exe
2328	Unicorn-47609.exe
300	Unicorn-41479.exe
2364	Unicorn-49389.exe
2128	Unicorn-17594.exe
2952	Unicorn-60088.exe
1612	Unicorn-3094.exe
1592	Unicorn-37843.exe
1996	Unicorn-21241.exe
272	Unicorn-54864.exe
2536	Unicorn-57168.exe
2164	Unicorn-48238.exe
1860	Unicorn-6606.exe
1300	Unicorn-12736.exe
1332	Unicorn-53447.exe
1528	Unicorn-40448.exe
2064	Unicorn-46561.exe
2468	Unicorn-26695.exe
2448	Unicorn-34116.exe
1628	Unicorn-54423.exe
3068	Unicorn-17645.exe
2664	Unicorn-4646.exe
2708	Unicorn-49934.exe
2960	Unicorn-57028.exe
2588	Unicorn-23131.exe
2860	Unicorn-23204.exe
2644	Unicorn-61059.exe
2656	Unicorn-18482.exe
2580	Unicorn-152.exe
2560	Unicorn-36027.exe
1104	Unicorn-32305.exe
2976	Unicorn-2010.exe
2180	Unicorn-37563.exe
1208	Unicorn-50863.exe
1092	Unicorn-51622.exe
2372	Unicorn-5221.exe
2888	Unicorn-27880.exe
2908	Unicorn-10967.exe
784	Unicorn-28438.exe
2244	Unicorn-15004.exe
1080	Unicorn-53126.exe
1756	Unicorn-53126.exe
2528	Unicorn-20070.exe
2112	Unicorn-40413.exe
1072	Unicorn-25797.exe
236	Unicorn-63878.exe
1108	Unicorn-55923.exe
956	Unicorn-55923.exe
2508	Unicorn-10251.exe
1644	Unicorn-10251.exe
1740	Unicorn-60500.exe
2260	Unicorn-54787.exe

Loads dropped DLL 64 IoCs

pid	Process
2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe
2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe
2812	Unicorn-39448.exe
2812	Unicorn-39448.exe
2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe
2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe
2948	Unicorn-31581.exe
2944	Unicorn-28544.exe
2948	Unicorn-31581.exe
2944	Unicorn-28544.exe
2812	Unicorn-39448.exe
2812	Unicorn-39448.exe
2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe
2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe
2788	Unicorn-17015.exe
2788	Unicorn-17015.exe
2944	Unicorn-28544.exe
2944	Unicorn-28544.exe
3032	Unicorn-61813.exe
2700	Unicorn-62686.exe
3032	Unicorn-61813.exe
2700	Unicorn-62686.exe
2948	Unicorn-31581.exe
2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe
2776	Unicorn-20222.exe
2776	Unicorn-20222.exe
2948	Unicorn-31581.exe
2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe
2812	Unicorn-39448.exe
2812	Unicorn-39448.exe
2264	Unicorn-5678.exe
2264	Unicorn-5678.exe
2972	Unicorn-42264.exe
2972	Unicorn-42264.exe
2944	Unicorn-28544.exe
2944	Unicorn-28544.exe
2788	Unicorn-17015.exe
2788	Unicorn-17015.exe
300	Unicorn-41479.exe
300	Unicorn-41479.exe
2812	Unicorn-39448.exe
2812	Unicorn-39448.exe
2916	Unicorn-47344.exe
2916	Unicorn-47344.exe
2896	Unicorn-27743.exe
2896	Unicorn-27743.exe
2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe
2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe
2948	Unicorn-31581.exe
2948	Unicorn-31581.exe
2648	Unicorn-10743.exe
2648	Unicorn-10743.exe
2700	Unicorn-62686.exe
2700	Unicorn-62686.exe
2328	Unicorn-47609.exe
2328	Unicorn-47609.exe
2288	Unicorn-10743.exe
2288	Unicorn-10743.exe
2776	Unicorn-20222.exe
2776	Unicorn-20222.exe
3032	Unicorn-61813.exe
3032	Unicorn-61813.exe
2364	Unicorn-49389.exe
2364	Unicorn-49389.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6606.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe
2812	Unicorn-39448.exe
2948	Unicorn-31581.exe
2944	Unicorn-28544.exe
2788	Unicorn-17015.exe
2700	Unicorn-62686.exe
2776	Unicorn-20222.exe
3032	Unicorn-61813.exe
2972	Unicorn-42264.exe
2264	Unicorn-5678.exe
2916	Unicorn-47344.exe
2896	Unicorn-27743.exe
2288	Unicorn-10743.exe
2648	Unicorn-10743.exe
2328	Unicorn-47609.exe
300	Unicorn-41479.exe
2364	Unicorn-49389.exe
2128	Unicorn-17594.exe
2952	Unicorn-60088.exe
1612	Unicorn-3094.exe
1592	Unicorn-37843.exe
1996	Unicorn-21241.exe
272	Unicorn-54864.exe
1860	Unicorn-6606.exe
2536	Unicorn-57168.exe
2164	Unicorn-48238.exe
1300	Unicorn-12736.exe
1332	Unicorn-53447.exe
1528	Unicorn-40448.exe
2064	Unicorn-46561.exe
2468	Unicorn-26695.exe
2448	Unicorn-34116.exe
1628	Unicorn-54423.exe
3068	Unicorn-17645.exe
2588	Unicorn-23131.exe
2664	Unicorn-4646.exe
2960	Unicorn-57028.exe
2708	Unicorn-49934.exe
2860	Unicorn-23204.exe
2644	Unicorn-61059.exe
2656	Unicorn-18482.exe
2560	Unicorn-36027.exe
2580	Unicorn-152.exe
1104	Unicorn-32305.exe
2180	Unicorn-37563.exe
1208	Unicorn-50863.exe
2372	Unicorn-5221.exe
2976	Unicorn-2010.exe
1092	Unicorn-51622.exe
2908	Unicorn-10967.exe
2888	Unicorn-27880.exe
784	Unicorn-28438.exe
2244	Unicorn-15004.exe
2528	Unicorn-20070.exe
2112	Unicorn-40413.exe
1080	Unicorn-53126.exe
1756	Unicorn-53126.exe
1072	Unicorn-25797.exe
236	Unicorn-63878.exe
2508	Unicorn-10251.exe
956	Unicorn-55923.exe
1644	Unicorn-10251.exe
1740	Unicorn-60500.exe
2260	Unicorn-54787.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2812	2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe	30
PID 2140 wrote to memory of 2812	2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe	30
PID 2140 wrote to memory of 2812	2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe	30
PID 2140 wrote to memory of 2812	2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe	30
PID 2812 wrote to memory of 2948	2812	Unicorn-39448.exe	31
PID 2812 wrote to memory of 2948	2812	Unicorn-39448.exe	31
PID 2812 wrote to memory of 2948	2812	Unicorn-39448.exe	31
PID 2812 wrote to memory of 2948	2812	Unicorn-39448.exe	31
PID 2140 wrote to memory of 2944	2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe	32
PID 2140 wrote to memory of 2944	2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe	32
PID 2140 wrote to memory of 2944	2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe	32
PID 2140 wrote to memory of 2944	2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe	32
PID 2948 wrote to memory of 2776	2948	Unicorn-31581.exe	33
PID 2948 wrote to memory of 2776	2948	Unicorn-31581.exe	33
PID 2948 wrote to memory of 2776	2948	Unicorn-31581.exe	33
PID 2948 wrote to memory of 2776	2948	Unicorn-31581.exe	33
PID 2944 wrote to memory of 2788	2944	Unicorn-28544.exe	34
PID 2944 wrote to memory of 2788	2944	Unicorn-28544.exe	34
PID 2944 wrote to memory of 2788	2944	Unicorn-28544.exe	34
PID 2944 wrote to memory of 2788	2944	Unicorn-28544.exe	34
PID 2812 wrote to memory of 2700	2812	Unicorn-39448.exe	35
PID 2812 wrote to memory of 2700	2812	Unicorn-39448.exe	35
PID 2812 wrote to memory of 2700	2812	Unicorn-39448.exe	35
PID 2812 wrote to memory of 2700	2812	Unicorn-39448.exe	35
PID 2140 wrote to memory of 3032	2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe	36
PID 2140 wrote to memory of 3032	2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe	36
PID 2140 wrote to memory of 3032	2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe	36
PID 2140 wrote to memory of 3032	2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe	36
PID 2788 wrote to memory of 2972	2788	Unicorn-17015.exe	37
PID 2788 wrote to memory of 2972	2788	Unicorn-17015.exe	37
PID 2788 wrote to memory of 2972	2788	Unicorn-17015.exe	37
PID 2788 wrote to memory of 2972	2788	Unicorn-17015.exe	37
PID 2944 wrote to memory of 2264	2944	Unicorn-28544.exe	38
PID 2944 wrote to memory of 2264	2944	Unicorn-28544.exe	38
PID 2944 wrote to memory of 2264	2944	Unicorn-28544.exe	38
PID 2944 wrote to memory of 2264	2944	Unicorn-28544.exe	38
PID 2700 wrote to memory of 2648	2700	Unicorn-62686.exe	40
PID 2700 wrote to memory of 2648	2700	Unicorn-62686.exe	40
PID 2700 wrote to memory of 2648	2700	Unicorn-62686.exe	40
PID 2700 wrote to memory of 2648	2700	Unicorn-62686.exe	40
PID 3032 wrote to memory of 2288	3032	Unicorn-61813.exe	39
PID 3032 wrote to memory of 2288	3032	Unicorn-61813.exe	39
PID 3032 wrote to memory of 2288	3032	Unicorn-61813.exe	39
PID 3032 wrote to memory of 2288	3032	Unicorn-61813.exe	39
PID 2776 wrote to memory of 2328	2776	Unicorn-20222.exe	43
PID 2776 wrote to memory of 2328	2776	Unicorn-20222.exe	43
PID 2776 wrote to memory of 2328	2776	Unicorn-20222.exe	43
PID 2776 wrote to memory of 2328	2776	Unicorn-20222.exe	43
PID 2948 wrote to memory of 2896	2948	Unicorn-31581.exe	41
PID 2948 wrote to memory of 2896	2948	Unicorn-31581.exe	41
PID 2948 wrote to memory of 2896	2948	Unicorn-31581.exe	41
PID 2948 wrote to memory of 2896	2948	Unicorn-31581.exe	41
PID 2140 wrote to memory of 2916	2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe	42
PID 2140 wrote to memory of 2916	2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe	42
PID 2140 wrote to memory of 2916	2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe	42
PID 2140 wrote to memory of 2916	2140	dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe	42
PID 2812 wrote to memory of 300	2812	Unicorn-39448.exe	44
PID 2812 wrote to memory of 300	2812	Unicorn-39448.exe	44
PID 2812 wrote to memory of 300	2812	Unicorn-39448.exe	44
PID 2812 wrote to memory of 300	2812	Unicorn-39448.exe	44
PID 2264 wrote to memory of 2364	2264	Unicorn-5678.exe	45
PID 2264 wrote to memory of 2364	2264	Unicorn-5678.exe	45
PID 2264 wrote to memory of 2364	2264	Unicorn-5678.exe	45
PID 2264 wrote to memory of 2364	2264	Unicorn-5678.exe	45

C:\Users\Admin\AppData\Local\Temp\dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe
"C:\Users\Admin\AppData\Local\Temp\dc0f1768a92500ce3f8c8670d8cef9080f832a125d15ffc36b8a1098522320f7N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39448.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39448.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        8⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        7⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39054.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        7⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61098.exe
        7⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
        6⤵
        Executes dropped EXE
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27115.exe
        6⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        7⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        6⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27097.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        7⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37414.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36741.exe
        6⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41056.exe
        6⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        7⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        7⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47933.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        6⤵
        
        PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3597.exe
        5⤵
        
        PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        5⤵
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36253.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22218.exe
        5⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61628.exe
        5⤵
        
        PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27743.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57168.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36027.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
        7⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
        7⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        6⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
        7⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14667.exe
        7⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43999.exe
        7⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52748.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46541.exe
        6⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
        6⤵
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        6⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
        5⤵
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        5⤵
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
        5⤵
        
        PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6606.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54787.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32185.exe
        6⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
        5⤵
        
        PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19447.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59839.exe
        5⤵
        
        PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31921.exe
        5⤵
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        5⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41199.exe
        5⤵
        
        PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
      4⤵
      PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
      4⤵
      PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40097.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10967.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38656.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20499.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56094.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        7⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
        6⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
        6⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        6⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe
        6⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
        6⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        6⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        5⤵
        
        PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49760.exe
        5⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3839.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
        5⤵
        
        PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60888.exe
        5⤵
        
        PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53447.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
        6⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
        6⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44344.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44919.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58076.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        5⤵
        
        PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28438.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
        5⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
        5⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4163.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
        5⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        5⤵
        
        PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53181.exe
      4⤵
      PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58531.exe
      4⤵
      PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
      4⤵
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14871.exe
      4⤵
      PID:4384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
        6⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3756.exe
        6⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6639.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4226.exe
        6⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23762.exe
        5⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
        5⤵
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9971.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe
        5⤵
        
        PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-152.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
        5⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
        5⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60888.exe
        5⤵
        
        PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
      4⤵
      PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46589.exe
      4⤵
      PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
      4⤵
      PID:4128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53202.exe
        5⤵
        
        PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
        5⤵
        
        PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32476.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        5⤵
        
        PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31944.exe
      4⤵
      PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34638.exe
      4⤵
      PID:1112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59329.exe
      4⤵
      PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42076.exe
      4⤵
      PID:4840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39803.exe
      4⤵
      PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
      4⤵
      PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
      4⤵
      PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60888.exe
      4⤵
      PID:3872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46926.exe
    3⤵
    PID:984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65527.exe
    3⤵
    PID:2204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
    3⤵
    PID:2604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26412.exe
    3⤵
    PID:3440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40941.exe
    3⤵
    PID:5020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42264.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4646.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
        7⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
        7⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
        7⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe
        6⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32831.exe
        7⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23606.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe
        6⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39803.exe
        6⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        6⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        6⤵
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
        5⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33564.exe
        5⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe
        5⤵
        
        PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3094.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25158.exe
        7⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36545.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
        6⤵
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39733.exe
        6⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62966.exe
        6⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe
        6⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12961.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50163.exe
        7⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        6⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37498.exe
        5⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
        5⤵
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12881.exe
        5⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60888.exe
        5⤵
        
        PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61059.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
        5⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47371.exe
        5⤵
        
        PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19195.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
      4⤵
      PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57443.exe
      4⤵
      PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42076.exe
      4⤵
      PID:3448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54423.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
        6⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25318.exe
        6⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe
        6⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4226.exe
        6⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
        5⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59437.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18481.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        6⤵
        
        PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        5⤵
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9971.exe
        5⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe
        5⤵
        
        PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        5⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25924.exe
        5⤵
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29416.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8711.exe
        5⤵
        
        PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
      4⤵
      PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33564.exe
      4⤵
      PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17699.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
      4⤵
      PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57028.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
        5⤵
        
        PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        5⤵
        
        PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9971.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        5⤵
        
        PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
      4⤵
      PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
      4⤵
      PID:264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9971.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe
      4⤵
      PID:4640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23131.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53126.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40648.exe
        5⤵
        
        PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
        5⤵
        
        PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
      4⤵
      PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
      4⤵
      PID:1260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12504.exe
      4⤵
      PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43822.exe
      4⤵
      PID:4576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
      4⤵
      PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4163.exe
      4⤵
      PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27679.exe
    3⤵
    PID:884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
    3⤵
    PID:924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45842.exe
    3⤵
    PID:3828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
    3⤵
    PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
    3⤵
    PID:4456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
        6⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        6⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
        6⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        5⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38804.exe
        5⤵
        
        PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe
        5⤵
        
        PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60500.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        5⤵
        
        PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23446.exe
        5⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43822.exe
        5⤵
        
        PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35593.exe
      4⤵
      PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1306.exe
      4⤵
      PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
      4⤵
      PID:4376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37563.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4442.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        5⤵
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50733.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44501.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        5⤵
        
        PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17249.exe
      4⤵
      PID:588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17106.exe
      4⤵
      PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49733.exe
      4⤵
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46541.exe
      4⤵
      PID:5112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54027.exe
      4⤵
      PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
      4⤵
      PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
      4⤵
      PID:3672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6379.exe
      4⤵
      PID:4884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
    3⤵
    PID:304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
    3⤵
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
      4⤵
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
      4⤵
      PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
      4⤵
      PID:4832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51164.exe
    3⤵
    PID:3796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53278.exe
    3⤵
    PID:3744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42076.exe
    3⤵
    PID:4148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54864.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55519.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
        5⤵
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
      4⤵
      PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
      4⤵
      PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9971.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14341.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
      4⤵
      PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50917.exe
      4⤵
      PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
      4⤵
      PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
      4⤵
      PID:5048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
    3⤵
    PID:572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
    3⤵
    PID:320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
    3⤵
    PID:3956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
    3⤵
    PID:3832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
    3⤵
    PID:5096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53126.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
      4⤵
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25379.exe
        5⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        5⤵
        
        PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
      4⤵
      PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46541.exe
      4⤵
      PID:4104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4042.exe
    3⤵
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
      4⤵
      PID:4320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
    3⤵
    PID:944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
    3⤵
    PID:3168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46541.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46541.exe
    3⤵
    PID:4916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25797.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25797.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15917.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
    3⤵
    PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
    3⤵
    PID:3908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
    3⤵
    PID:4452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58065.exe
    3⤵
    PID:4824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
  2⤵
  PID:1880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9840.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9840.exe
  2⤵
  PID:676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
  2⤵
  PID:4060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe

Filesize
468KB

MD5
1f7afd799bc55c904be6ca165d332bc2

SHA1
228e7385b5663b9bd78e31aef9b9c6b5138c2c53

SHA256
a573b6eb13f4e5dc82586adcc8c281cff1f81df22d7ab968f60a68656f883fa6

SHA512
c6eb2fb2b6fcc52430fd762afd4454e5af50cfbf41d62b6e10e519d5889d66033e04b6296bc238d6a6d8dfb95fab2d3dcc0b35993d4b3c51bdef584218fc8261

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17699.exe

Filesize
468KB

MD5
42e2bcc5e46848d879cee431372497f8

SHA1
fef844906363bb10d59494eded8caa99825fbdbe

SHA256
303a8c33c150b6ec92ea01852a2226164a644148588a0301b265b344513084c8

SHA512
db584c95376af93c27b2c4b7e9f61f8cd1abb673645327bdeef8cf6df1fb89de81006a5c2da4354f04e61d2f9cf60e943c0b8c74ad777cbfc54bbed40c3c3fa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe

Filesize
468KB

MD5
a76d0be738f7fa1796761fb43d6728e2

SHA1
61e08831b7757b297737444d2c785b3441bea13e

SHA256
27ce71d448da9a942b1aa588f961362838bcb46714154057f347c82743310330

SHA512
d9bd8332e6a90c8065eeca171a3bcc672ce838bec926ba6b96156ed42a8e1d914ddcb1f7aca04a9b89d5a7b48b692235306fa9b60e1ecf0ef61923545c3d65bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44919.exe

Filesize
468KB

MD5
0bcdbf69f9ca063b5260da4b06e86e14

SHA1
c0fbe2820cdd05b481d6292ffd2d59061cca5b27

SHA256
1503ce6488cecb1dd3198929d81eac0336879dd97eabe4b0b91f4b0d71472732

SHA512
832d41bbc12a146ce5590d9c684771849cd885c681eaf6d724efa0ed07079e426bd1b3cc18c1837b2bee5894eb6b009398604089ba456bf7e21a3052f1de7859

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe

Filesize
468KB

MD5
9a2539ed40fb32f4b3218f247b8318bc

SHA1
325497d969806d9391e2e739c6d6218128d60b1b

SHA256
16875c2c890903b4bb0ffb62d5340bea3cb805afe6445179adf96dc0122ea05b

SHA512
3d0a1599b155fe0e8cfc959b497bf538ecfe604e0e66f3b93dc9add7caf987da71fbe7e1f8eb9dc5b0a4fea51840b369865201d824bebd3819977248d0c5a324

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe

Filesize
468KB

MD5
001f3c459987ac03759c1a31b03ad74e

SHA1
47bbdde254bd5d11644d4218597be5d248cccbe7

SHA256
464c591dd6764ca1ae727c82573793c61d28ff046f43ec282f2de6920f741e5a

SHA512
59739c03505a24306ff7966bfe5740889cc79e59b726efbc5bd90568f2cc2331c8e7076bcc9af19a16dea3a3af9af1633b0d93cc9f8983b6101316cc4adb8edc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe

Filesize
468KB

MD5
f78eeaec9b3a51eae924547a9b731ec5

SHA1
f9ec5c289bc2b8bf47dda449a11e34b9645925fe

SHA256
2f45d89ce08d305557afdedad6dcdf82237f3aa277d833f4b5a4c1b1c80bf0de

SHA512
4b89d1b3616419dab177d74539fcc503b9be633547b650f24244c4de2703acdb8894ee0c6a371b66b40795344427f71b3322af347aae93af982a6384e2c1666c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe

Filesize
468KB

MD5
5d0702b6d9f10fad270e4ebeb931584f

SHA1
8fb30547db35ebf815dfcdef59ec90a74e565da2

SHA256
8d72d0b619325fa2ccc4b21e111015ed5d10324baf8072c46a065d2ef066d654

SHA512
8c40c3a477f423487a3e0dae96e0394a1f028fb5c92334fe858d35fdc246eb5a53d38cee06afe3c74d746f4bb25c80fd0993bae1874187aa5ee88c6c8f401c2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe

Filesize
468KB

MD5
1bdcd70dce7b64ac8632ba6977dbd3d4

SHA1
9c928e63676e84031d67798b6403831d6d505a63

SHA256
52dc2e9102ab1558ca902549df4935554ca38f67ebdbd366f43f1028bab19d1e

SHA512
b7bcaef423a7e3af312524b9498fb766de9a4d1424e4bdfdfae4e3b949690597b18adc1e9bf850340cf8574345bda522a69efb09c873d1c64ffacbf6d7d39aba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27743.exe

Filesize
468KB

MD5
3ca68e47addd144d7192d97c029ad767

SHA1
764ed3505d01f1d19583613a60c375a3211a1a60

SHA256
9290b0c05a859e5c1a7252739ed90ba821947c6a4496bc4f36c9d54362fb3cdd

SHA512
399ee6a2301951092aa1d9812fe2024810de1ea7e8b5d304f5bd01b21cb9c7bc7b112af14ae79e8fc04e925dcfa23813fbe952bce6ffac838ab9f66b73006068

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe

Filesize
468KB

MD5
1a4957f5082fc9c11037846390634695

SHA1
1d4cfd1df7fa689dfb75832b46b6bdbe18782280

SHA256
39fd367f4ebf580c4b7a072782b5647853d7101950cc2e89eb9ad91677b72536

SHA512
ed5886a38471885a444e1483d36cc138940bf4f0af18b381a21144f2404c41d5b9c90bdbc833acb24352a0786a36e8c8f5fe07f11927759c09111c0e33516548

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe

Filesize
468KB

MD5
c21f76ee59b7979aadab0999cb3114de

SHA1
70f305b94eb0f266e5f2e584eff1103e39394fdf

SHA256
8dbbbbea6088fd7cb8650dbed607077fdd31abf5e3c464323b14cdf4d61b5296

SHA512
3f052f7dbdf616b2cf05f616e08270e00f21274a9fa4c8cdf733cd508dbbc11db887c6aa3255e560364dae12edc89e86ae92e4b7df591a95afb68036da39400e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39448.exe

Filesize
468KB

MD5
2ee2f742f9f4495db8342d84024e78b3

SHA1
264839e32f6137cc0492a62dd7faf168110dd3e9

SHA256
2dbaebd3d2d49e84f1bdb6eda3b9f5a6317ccc3eee991b183b0abb09108f76cf

SHA512
cd10017bf369ee2a0a837380be7224f649908ae69d4fd72a925968ac2883e22e6c20187c88e72bf5fd6528492767b2cffc118f73602f799c714c8abc5111e20c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe

Filesize
468KB

MD5
ac102a6feba5f7fab8cf683ddf25ba2f

SHA1
4ad713d2c044ca66b041cbdb65db26150cc03f4b

SHA256
0bce2b9230e7a4ed60f85491738169657b851adef88409e89203052612040f66

SHA512
373a8be341a221830ed9f0c1e15e6e61b542cea6fdeeb6058aae990e9ebb2880c82facf67e34aa0d336e1b6f201e2bacc0841adcfeb4a400bca9b243d5d5ffe5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42264.exe

Filesize
468KB

MD5
20b195c463c7e48d16c80fceffef8073

SHA1
13b8e1eb2f1993d528b900ce3fb1c8dbb4d534cb

SHA256
f54f7292ff34f7a6cbf6c44b73207bd294fb25ee95e19d94ee01088c42f395a0

SHA512
59af05b820d890d748357f8f4df5b63888ba9dcf1d2ffb490612e026a49af4dd7f38729f1b8d85c93d3fab642cce090c93474f20697f5b3fbb289b7f74e3328f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe

Filesize
468KB

MD5
bb3c2354cd9e638534dd59603cd11e34

SHA1
c22c6735926ab2e956e912ca5426d1d65260f7ea

SHA256
7a6d7ca501d1fab648e91c1f5c795bd125d2dff3d23a6b9d44e2d37ee28b8dd6

SHA512
4aaa0b327f352d2d656877345aa9b1a1cbb3d817ae5fde9d55e5a56240527f908f87feb40911410e19ce01ed291055a05ed62682ed4b4f474a6494ed653a2c8d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe

Filesize
468KB

MD5
75da9a1e2dcea24cd37b36163372d594

SHA1
df08c76b719fba7f34a4321741b7a3a02bf89a2e

SHA256
059d4b9360808b63d46fb00da76262390030781c27289a3c7179b0a20aaa539b

SHA512
c9cbe73dcb6d35a58e16916a94ee3936d7e696be6e85f2af1744842a10110fbcaa03803e90f54f5637091d32dd17fa779feb9d552be97c3870a431b4f3c08ce4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe

Filesize
468KB

MD5
6bef706c45c5b3f3478f709a75dde1be

SHA1
b24aefd8daa61c9ff2b53cf1091f40f277847c82

SHA256
b630ef5793f311eec4157c6681628e27802cea491a36f25ae91deef767be6cb7

SHA512
0fd2d1848027736ed55e739a0ed3e68563184f80937f6d1e13dec5a2210ce93f6136deae1b313e4c10681da8217eec89c3e503284366c9c3d04e6278140001ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe

Filesize
468KB

MD5
3244d798ca634370ac5dc17159b84541

SHA1
f6f38161888cceacc5b15ec7fd7789fdd19218ee

SHA256
adf2f93e212bf84f4c35fe5f632c73de198190f5be87bf1a6ca30d9185b595b6

SHA512
a3a10c8893314c0fca569565e9d8f5def07b75dd9f136bce93eb68411346d3334d77dc023be01356983a9a8940d4045d97c4c62ce69b782b13e193bb1c893678

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe

Filesize
468KB

MD5
91fc78413fea784ef26a1974c95014c3

SHA1
9df3df6daf3655c76836e6cbd9d9fdf0ecbb5e28

SHA256
8605048add1ce8e3a5cd9ab330db946ad8f300373a67c5fc787b769c14c681b1

SHA512
df613c1360941989049f29e2e30eeb08cb79850998ef28c07f536fbea8188e6cf7039e93c189425ca6f2c34bacdf462b4145a01f428ebad1bb11afba8c93daf9

Download Submit