f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aee

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 06:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe
Size

468KB
MD5

1e3febc0ffff084a9c96336e5a569400
SHA1

978633585a0c2b322941b00ee07477ceee9c7336
SHA256

f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aee
SHA512

f8ec6b3c4e65fc21788637ecd129cbea806409725008b2b50e26b733451b69681772c0b3c3b8b24af67e0dbafdbff9ec85c59be4434a43a42b5b35480134f25b
SSDEEP

3072:lGZ3ogIKW05DtbYJHxcOcfr/9Cdlw0p0nLHeapP+UPuLUX/g6cl4:lGBop8DtOHKOcf5YVLUPQa/g6

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2520	Unicorn-46360.exe
2088	Unicorn-53023.exe
2392	Unicorn-24605.exe
2780	Unicorn-55841.exe
2076	Unicorn-58830.exe
2764	Unicorn-30796.exe
2620	Unicorn-20027.exe
2828	Unicorn-52904.exe
1584	Unicorn-9027.exe
2564	Unicorn-37445.exe
2492	Unicorn-55701.exe
1900	Unicorn-19499.exe
1224	Unicorn-22954.exe
324	Unicorn-55701.exe
1972	Unicorn-39100.exe
2876	Unicorn-48815.exe
2624	Unicorn-52494.exe
2276	Unicorn-48239.exe
1764	Unicorn-44138.exe
396	Unicorn-36044.exe
2496	Unicorn-44212.exe
1156	Unicorn-42327.exe
1304	Unicorn-5016.exe
1832	Unicorn-11850.exe
2132	Unicorn-52111.exe
1748	Unicorn-20092.exe
1824	Unicorn-46551.exe
800	Unicorn-28177.exe
1616	Unicorn-28177.exe
3020	Unicorn-41559.exe
2448	Unicorn-56573.exe
1756	Unicorn-37326.exe
944	Unicorn-37326.exe
2504	Unicorn-25820.exe
2476	Unicorn-61062.exe
1604	Unicorn-23219.exe
1376	Unicorn-57533.exe
2352	Unicorn-61254.exe
2532	Unicorn-47834.exe
2716	Unicorn-50521.exe
2740	Unicorn-40315.exe
2856	Unicorn-43609.exe
2720	Unicorn-15728.exe
1688	Unicorn-11534.exe
2700	Unicorn-372.exe
2708	Unicorn-23725.exe
2460	Unicorn-53060.exe
564	Unicorn-23760.exe
1964	Unicorn-43626.exe
1676	Unicorn-37496.exe
2648	Unicorn-43626.exe
2376	Unicorn-63833.exe
2020	Unicorn-26714.exe
2044	Unicorn-34882.exe
2944	Unicorn-41248.exe
2920	Unicorn-37186.exe
2136	Unicorn-31055.exe
1152	Unicorn-5399.exe
2916	Unicorn-61415.exe
1300	Unicorn-33765.exe
984	Unicorn-53631.exe
824	Unicorn-47118.exe
1332	Unicorn-56127.exe
2472	Unicorn-45845.exe

Loads dropped DLL 64 IoCs

pid	Process
2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe
2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe
2520	Unicorn-46360.exe
2520	Unicorn-46360.exe
2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe
2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe
2088	Unicorn-53023.exe
2088	Unicorn-53023.exe
2392	Unicorn-24605.exe
2392	Unicorn-24605.exe
2520	Unicorn-46360.exe
2520	Unicorn-46360.exe
2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe
2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe
2780	Unicorn-55841.exe
2780	Unicorn-55841.exe
2088	Unicorn-53023.exe
2088	Unicorn-53023.exe
2764	Unicorn-30796.exe
2764	Unicorn-30796.exe
2520	Unicorn-46360.exe
2076	Unicorn-58830.exe
2520	Unicorn-46360.exe
2076	Unicorn-58830.exe
2620	Unicorn-20027.exe
2392	Unicorn-24605.exe
2620	Unicorn-20027.exe
2392	Unicorn-24605.exe
2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe
2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe
2828	Unicorn-52904.exe
2828	Unicorn-52904.exe
2780	Unicorn-55841.exe
2780	Unicorn-55841.exe
1584	Unicorn-9027.exe
1584	Unicorn-9027.exe
2088	Unicorn-53023.exe
2088	Unicorn-53023.exe
2492	Unicorn-55701.exe
1224	Unicorn-22954.exe
2492	Unicorn-55701.exe
1224	Unicorn-22954.exe
2076	Unicorn-58830.exe
2076	Unicorn-58830.exe
1972	Unicorn-39100.exe
2520	Unicorn-46360.exe
1972	Unicorn-39100.exe
2520	Unicorn-46360.exe
2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe
2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe
1900	Unicorn-19499.exe
1900	Unicorn-19499.exe
2392	Unicorn-24605.exe
2392	Unicorn-24605.exe
2564	Unicorn-37445.exe
324	Unicorn-55701.exe
2564	Unicorn-37445.exe
324	Unicorn-55701.exe
2620	Unicorn-20027.exe
2620	Unicorn-20027.exe
2764	Unicorn-30796.exe
2764	Unicorn-30796.exe
2876	Unicorn-48815.exe
2624	Unicorn-52494.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-603.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11184.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe
2520	Unicorn-46360.exe
2088	Unicorn-53023.exe
2392	Unicorn-24605.exe
2780	Unicorn-55841.exe
2620	Unicorn-20027.exe
2764	Unicorn-30796.exe
2076	Unicorn-58830.exe
2828	Unicorn-52904.exe
1584	Unicorn-9027.exe
1224	Unicorn-22954.exe
2564	Unicorn-37445.exe
2492	Unicorn-55701.exe
1972	Unicorn-39100.exe
1900	Unicorn-19499.exe
324	Unicorn-55701.exe
2876	Unicorn-48815.exe
2624	Unicorn-52494.exe
2276	Unicorn-48239.exe
1764	Unicorn-44138.exe
396	Unicorn-36044.exe
2496	Unicorn-44212.exe
1156	Unicorn-42327.exe
1832	Unicorn-11850.exe
1748	Unicorn-20092.exe
2132	Unicorn-52111.exe
1824	Unicorn-46551.exe
1304	Unicorn-5016.exe
1616	Unicorn-28177.exe
800	Unicorn-28177.exe
2448	Unicorn-56573.exe
3020	Unicorn-41559.exe
1756	Unicorn-37326.exe
944	Unicorn-37326.exe
1604	Unicorn-23219.exe
2504	Unicorn-25820.exe
1376	Unicorn-57533.exe
2352	Unicorn-61254.exe
2532	Unicorn-47834.exe
2716	Unicorn-50521.exe
2740	Unicorn-40315.exe
2856	Unicorn-43609.exe
2720	Unicorn-15728.exe
1688	Unicorn-11534.exe
2700	Unicorn-372.exe
2708	Unicorn-23725.exe
2460	Unicorn-53060.exe
1676	Unicorn-37496.exe
2648	Unicorn-43626.exe
1964	Unicorn-43626.exe
564	Unicorn-23760.exe
2376	Unicorn-63833.exe
2020	Unicorn-26714.exe
2044	Unicorn-34882.exe
2944	Unicorn-41248.exe
2920	Unicorn-37186.exe
2136	Unicorn-31055.exe
984	Unicorn-53631.exe
2916	Unicorn-61415.exe
1300	Unicorn-33765.exe
1152	Unicorn-5399.exe
1332	Unicorn-56127.exe
824	Unicorn-47118.exe
596	Unicorn-54975.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2520	2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe	30
PID 2084 wrote to memory of 2520	2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe	30
PID 2084 wrote to memory of 2520	2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe	30
PID 2084 wrote to memory of 2520	2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe	30
PID 2520 wrote to memory of 2088	2520	Unicorn-46360.exe	31
PID 2520 wrote to memory of 2088	2520	Unicorn-46360.exe	31
PID 2520 wrote to memory of 2088	2520	Unicorn-46360.exe	31
PID 2520 wrote to memory of 2088	2520	Unicorn-46360.exe	31
PID 2084 wrote to memory of 2392	2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe	32
PID 2084 wrote to memory of 2392	2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe	32
PID 2084 wrote to memory of 2392	2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe	32
PID 2084 wrote to memory of 2392	2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe	32
PID 2088 wrote to memory of 2780	2088	Unicorn-53023.exe	34
PID 2088 wrote to memory of 2780	2088	Unicorn-53023.exe	34
PID 2088 wrote to memory of 2780	2088	Unicorn-53023.exe	34
PID 2088 wrote to memory of 2780	2088	Unicorn-53023.exe	34
PID 2392 wrote to memory of 2076	2392	Unicorn-24605.exe	35
PID 2392 wrote to memory of 2076	2392	Unicorn-24605.exe	35
PID 2392 wrote to memory of 2076	2392	Unicorn-24605.exe	35
PID 2392 wrote to memory of 2076	2392	Unicorn-24605.exe	35
PID 2520 wrote to memory of 2764	2520	Unicorn-46360.exe	36
PID 2520 wrote to memory of 2764	2520	Unicorn-46360.exe	36
PID 2520 wrote to memory of 2764	2520	Unicorn-46360.exe	36
PID 2520 wrote to memory of 2764	2520	Unicorn-46360.exe	36
PID 2084 wrote to memory of 2620	2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe	37
PID 2084 wrote to memory of 2620	2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe	37
PID 2084 wrote to memory of 2620	2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe	37
PID 2084 wrote to memory of 2620	2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe	37
PID 2780 wrote to memory of 2828	2780	Unicorn-55841.exe	38
PID 2780 wrote to memory of 2828	2780	Unicorn-55841.exe	38
PID 2780 wrote to memory of 2828	2780	Unicorn-55841.exe	38
PID 2780 wrote to memory of 2828	2780	Unicorn-55841.exe	38
PID 2088 wrote to memory of 1584	2088	Unicorn-53023.exe	39
PID 2088 wrote to memory of 1584	2088	Unicorn-53023.exe	39
PID 2088 wrote to memory of 1584	2088	Unicorn-53023.exe	39
PID 2088 wrote to memory of 1584	2088	Unicorn-53023.exe	39
PID 2764 wrote to memory of 2564	2764	Unicorn-30796.exe	40
PID 2764 wrote to memory of 2564	2764	Unicorn-30796.exe	40
PID 2764 wrote to memory of 2564	2764	Unicorn-30796.exe	40
PID 2764 wrote to memory of 2564	2764	Unicorn-30796.exe	40
PID 2520 wrote to memory of 1224	2520	Unicorn-46360.exe	41
PID 2520 wrote to memory of 1224	2520	Unicorn-46360.exe	41
PID 2520 wrote to memory of 1224	2520	Unicorn-46360.exe	41
PID 2520 wrote to memory of 1224	2520	Unicorn-46360.exe	41
PID 2076 wrote to memory of 2492	2076	Unicorn-58830.exe	42
PID 2076 wrote to memory of 2492	2076	Unicorn-58830.exe	42
PID 2076 wrote to memory of 2492	2076	Unicorn-58830.exe	42
PID 2076 wrote to memory of 2492	2076	Unicorn-58830.exe	42
PID 2620 wrote to memory of 324	2620	Unicorn-20027.exe	43
PID 2620 wrote to memory of 324	2620	Unicorn-20027.exe	43
PID 2620 wrote to memory of 324	2620	Unicorn-20027.exe	43
PID 2620 wrote to memory of 324	2620	Unicorn-20027.exe	43
PID 2392 wrote to memory of 1900	2392	Unicorn-24605.exe	44
PID 2392 wrote to memory of 1900	2392	Unicorn-24605.exe	44
PID 2392 wrote to memory of 1900	2392	Unicorn-24605.exe	44
PID 2392 wrote to memory of 1900	2392	Unicorn-24605.exe	44
PID 2084 wrote to memory of 1972	2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe	45
PID 2084 wrote to memory of 1972	2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe	45
PID 2084 wrote to memory of 1972	2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe	45
PID 2084 wrote to memory of 1972	2084	f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe	45
PID 2828 wrote to memory of 2876	2828	Unicorn-52904.exe	46
PID 2828 wrote to memory of 2876	2828	Unicorn-52904.exe	46
PID 2828 wrote to memory of 2876	2828	Unicorn-52904.exe	46
PID 2828 wrote to memory of 2876	2828	Unicorn-52904.exe	46

C:\Users\Admin\AppData\Local\Temp\f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe
"C:\Users\Admin\AppData\Local\Temp\f1aaa35a195621cd7e1835b943389f930eaebdb1003227be29ccc2bc52953aeeN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52904.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
        9⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
        10⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28068.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        9⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23732.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
        8⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
        8⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        8⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        8⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
        8⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14957.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31147.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        7⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe
        7⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54646.exe
        7⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48637.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53125.exe
        7⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28728.exe
        6⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54572.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
        7⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        6⤵
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60184.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23426.exe
        6⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52494.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39813.exe
        7⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33223.exe
        7⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
        7⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21757.exe
        7⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe
        7⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
        6⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
        6⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        6⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20452.exe
        6⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28668.exe
        6⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37183.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21757.exe
        7⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55395.exe
        7⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        6⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55210.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe
        6⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24184.exe
        5⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6292.exe
        5⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14612.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
        5⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
        5⤵
        
        PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9027.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48239.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
        6⤵
        Executes dropped EXE
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8547.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
        6⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52316.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
        7⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57534.exe
        7⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        7⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11754.exe
        7⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46795.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54359.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43461.exe
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
        7⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24844.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33223.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        6⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43626.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54470.exe
        7⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        7⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53092.exe
        7⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33255.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe
        7⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        6⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63399.exe
        6⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
        6⤵
        
        PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        6⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8987.exe
        6⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        5⤵
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14612.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
        5⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50955.exe
        5⤵
        
        PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44138.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43626.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        7⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-819.exe
        7⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        6⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31376.exe
        6⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63833.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8974.exe
        6⤵
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        6⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
        5⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43593.exe
        5⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54734.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36789.exe
        5⤵
        
        PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28693.exe
        5⤵
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
        5⤵
        
        PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45973.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37190.exe
        5⤵
        
        PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
      4⤵
      PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
      4⤵
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe
      4⤵
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe
      4⤵
      PID:4128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54975.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        6⤵
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44560.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60184.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31594.exe
        6⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4007.exe
        5⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
        5⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        5⤵
        
        PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56573.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26714.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        5⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        5⤵
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44609.exe
        5⤵
        
        PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19209.exe
        5⤵
        
        PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
      4⤵
      PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19167.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38198.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
      4⤵
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55610.exe
      4⤵
      PID:4860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
        6⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49009.exe
        6⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19922.exe
        6⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        5⤵
        
        PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18978.exe
        5⤵
        
        PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
        5⤵
        
        PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
        5⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        5⤵
        
        PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53125.exe
        5⤵
        
        PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3800.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31147.exe
      4⤵
      PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1588.exe
      4⤵
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
      4⤵
      PID:4832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
      4⤵
      PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43539.exe
      4⤵
      PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
      4⤵
      PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53125.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49151.exe
    3⤵
    PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22171.exe
    3⤵
    PID:3200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
    3⤵
    PID:4776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24605.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24605.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58830.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55701.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40315.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34882.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33789.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        8⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        7⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58220.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
        7⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-603.exe
        7⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41248.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        6⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54514.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        6⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
        6⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48159.exe
        6⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        6⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45973.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe
        6⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17550.exe
        5⤵
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        5⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        5⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2334.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        5⤵
        
        PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50521.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        6⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
        6⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        5⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        5⤵
        
        PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47118.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
        5⤵
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
        5⤵
        
        PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39489.exe
      4⤵
      PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11184.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9923.exe
      4⤵
      PID:4220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20092.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61415.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3047.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56382.exe
        6⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8635.exe
        5⤵
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36059.exe
        5⤵
        
        PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41659.exe
        5⤵
        
        PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
      4⤵
      PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41274.exe
      4⤵
      PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
      4⤵
      PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62108.exe
      4⤵
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9179.exe
        5⤵
        
        PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
      4⤵
      PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19802.exe
      4⤵
      PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
      4⤵
      PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22478.exe
      4⤵
      PID:4788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
    3⤵
    PID:2064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11516.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
    3⤵
    PID:3504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25799.exe
    3⤵
    PID:3484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60909.exe
    3⤵
    PID:5012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20027.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20027.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55701.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28177.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        5⤵
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43721.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1058.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
        5⤵
        
        PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
      4⤵
      PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39813.exe
      4⤵
      PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28621.exe
      4⤵
      PID:5028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14345.exe
        5⤵
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        6⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        5⤵
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
        5⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
      4⤵
      PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
      4⤵
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-166.exe
      4⤵
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23426.exe
      4⤵
      PID:4704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5399.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
      4⤵
      PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
    3⤵
    PID:1628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19167.exe
    3⤵
    PID:2036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21862.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21862.exe
    3⤵
    PID:3952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
    3⤵
    PID:3648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56290.exe
    3⤵
    PID:4412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe
      4⤵
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11283.exe
        5⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2770.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
        5⤵
        
        PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11449.exe
      4⤵
      PID:780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
      4⤵
      PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3072.exe
      4⤵
      PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48637.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
      4⤵
      PID:4380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33550.exe
    3⤵
    PID:1516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
    3⤵
    PID:1904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
    3⤵
    PID:3440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5082.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14310.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36908.exe
      4⤵
      PID:264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
      4⤵
      PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
      4⤵
      PID:4360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
    3⤵
    PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
    3⤵
    PID:3048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
    3⤵
    PID:3868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60756.exe
    3⤵
    PID:4852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45845.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45845.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
    3⤵
    PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
      4⤵
      PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5243.exe
      4⤵
      PID:688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52678.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
      4⤵
      PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-603.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
    3⤵
    PID:3584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
    3⤵
    PID:3684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
    3⤵
    PID:4400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
  2⤵
  PID:1896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10972.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10972.exe
  2⤵
  PID:3676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
  2⤵
  PID:3924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28935.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28935.exe
  2⤵
  PID:3404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe

Filesize
468KB

MD5
1d43960381387e0d242c840a4793ad87

SHA1
0d8e5543324feb10583378c1b7232b4bb2ebb094

SHA256
daf3e59848dbbd6197dc990053e7104efbac0bd125f5a4d541c0f58d44ef81d8

SHA512
4a9ccc63bf385e16794bfbbf8a3e0ec37623acca6589c3bec501848e3c0b2ee633c2c3681ca793654109814ab9dec94012fa55e075f0f59c896d7147a08248c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe

Filesize
468KB

MD5
15ed110a8d69be515e71a25c011a299e

SHA1
3cc8347004f93b3ee6e47a46e521b9c36254d374

SHA256
a3fdd0f68333e8a5cba28114a9e2d3b91ab66081c2e07e105c86d389c6d41e25

SHA512
ff7a412840e3bd839120c3291196ea1eb2a1a87b0411186f0ad7b56da947c7128dd06850f6458d3dc966b374538b8ba774f93eb70ea81f2e0e425c84ed44a387

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe

Filesize
468KB

MD5
2455386e37e585e27b2d8a64d3c257ac

SHA1
b902a96ed28a1079c80e97c04c9a6ece3a2046e8

SHA256
10781f312243f3997fe04314e74b7b234994d3f887180d4f1023272a1f519a24

SHA512
e64efcd4b860a8799c0f20f0a63e8f9f548ccc2181ad6a72a7f35d7f5563a0a570191646afd57668c51bad33291dbf2460a1724a310433ca1858b6c48aa2858d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe

Filesize
468KB

MD5
011e43ef36c3178b6af1bdb067a6e5d7

SHA1
068c3a55923721911029c329c0f195dcaf6dd39c

SHA256
76d6b5255b7498017639704f324ddc7a5c08c1953bd55798d619b14a3fffa5fc

SHA512
4a6c552fe3ea30d29ad82a575e42ec490ab5020a06fdf34a0b3e618f67bbcda87c2fffd249ab6741677bb8bbca09f80b8eef247746a8ee4db0d846fa4528b4b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe

Filesize
468KB

MD5
588ac5e89265d94aba937db3a4019c26

SHA1
30a2e80afce9d0777125804d6c998268f7d2ba95

SHA256
8fecd504fd3ec50366eb3eef6cc7e83d05eda015127daf140627dd6a1c8eba54

SHA512
4d17b9faefcdc4617323285d6298752451a6860cd4ff0d1bf0533434c007fa791bb4df7923537661c9011b58a2a598a31eb4f271bb17f3b1eab9a84257a888e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20027.exe

Filesize
468KB

MD5
cbe7c46110d57feaca411dab52f1fb05

SHA1
27fc2c13a7bf77aabba35588f78f6528e0997483

SHA256
efa35deb07aa81ab3fb359c8436fa47993dce87318fc96d08abafbacbf8fa483

SHA512
fc886f7651af336603177a66249b93eb37c6ac336e2726fbb28eb593ad3137f0468c7f3c48791861a7009c20c372cddd4c47302027a22664dfa78d13fecd7e15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24605.exe

Filesize
468KB

MD5
f99250d6b7486a6dd98aec2a8754be9f

SHA1
e08d6ef8e152edadb0d93ed68dd7ec9430705894

SHA256
6d6e7ec5c9f4126adc857a4f77e7da9a35d970070a211b9b91735953cb5422a7

SHA512
1adca018496488d460c1e37232384643155487dce7ab1f547e42a1cb7cc6f83de4ab71d768b94dd22197479189617b2e2cf0dd2c3222ce5ab363cc2442be02aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe

Filesize
468KB

MD5
73614d1d5fad2d7e6b56d3494e9873a6

SHA1
e13e9fc7efe4e5646a637201d2741a7f739cdd35

SHA256
dec3f1c066d8597cfb9dc89571ccd8d1e25a46e36fa752beec3256b433236b2c

SHA512
9e5d32bfd31adff0fa72fe346a0e67a311294a4ad7d4500c8e50067d3a671539010910434ec2c0a35267ee6617cd9b9acec96e3a0267df617e5c24ca143d3875

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe

Filesize
468KB

MD5
ceb13e1d1fe23b252abff94c58997841

SHA1
2c1b14b17478ebdbf78036e7b8ef80d8297fcf4b

SHA256
1a48a146fc1d41572b269255d722e77f7a6c7862e9e93f4256af302664f04bae

SHA512
1d01c18cb1640b67c13aced591a853b84197892cf4b9d2dffe45da9e0ffb14c79c7b33dea8cb61060d729ff343ae1747ddd7873b89357cd730ff3ea9c57a2a90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe

Filesize
468KB

MD5
eb0c53c62d2ff385fc07e7e7d1e9e277

SHA1
292ef14d3eaeb122de3e0ac3fd6b24ca0eb6113a

SHA256
cb02f80e72224a40d2cc3af49a7a5a475e44073a331c0eb38f380dbe324f30d6

SHA512
c3d71e102b30dc8bf7fcfc729360905a3ed6ef69339c38e4c89d11082220587bc469db1d8e4ee67470bc0778464b0a0d95b7d6457784491a8ba6f567aeb32bc4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48239.exe

Filesize
468KB

MD5
c3a16947caeab9e37380da7e8721f62e

SHA1
7bfbe6c554f638e420b24778e5ac43f43377d9be

SHA256
87a19aecf0e8f77d76cb9de00380fef98757ee07c30366b949f4774c632f48fb

SHA512
b928aaec3c8ee5f2e30ba6c1057aaecfe4aefcf54f0dcb24908b299fce647062a268571e215bb0a8f8065cbaffddef216b29bbe25549ec4d050cd42092c461c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe

Filesize
468KB

MD5
4f9f67a13163b4810f85cd69c40522c3

SHA1
0d38d19e821d119913086ca85d014c164dfcbf0b

SHA256
28aa6126eb7a9b1a80ea91eb1c61139a2ecbd546569fafb29ea0fc8e52455318

SHA512
33ab2a0f049541eb7bbee49f8290643c61f65ef97a858903e1fa90e894defa877a90edccb7e44358372ab39f3fba01ea3c6d95e0041ee7c4e20c5448655fe8de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52494.exe

Filesize
468KB

MD5
e5b31b51e7ef0eb25c4317f84868a1a8

SHA1
b918927151ba12f130a45a857f7546bb6779d451

SHA256
a9ae392579a388ce69570a56c3e92db377b601b485fc061a562b528e1bf332fa

SHA512
5842522558778359474a595e8631875f28d395bf978051660b82a4959c39a4011993a4bf4019c3ef094176b1742952a26f1dbb401fa61cbee9ced1527284e5c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52904.exe

Filesize
468KB

MD5
43a52901cff8da7491a170ab7648cff1

SHA1
b1e901a9368140df4f6e1525258cbed99dc8c42d

SHA256
982400ef688bcb1576415b13ffc0cbcad6aab69a0d74cefc26c16c5070966b7b

SHA512
3827d34af8152b3badd2d72cc8982750d1e259c54e5b11b14c0714c78c72c826ed6ed3d341b7f066f305b04859c2071aebcf6b32a6122da15d4d16c2ac9591b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe

Filesize
468KB

MD5
2fe3f2b4253086b75f190f3ba6528e72

SHA1
08c58c6ac872b187ee054673ad25c2ace3a1aeec

SHA256
3922395199faa3bc45b246d7558837ab7efaff79c0a145f6f204dd6b65a64807

SHA512
1ec475e1acd5640c82d970289ed8dda895bf1362bc9085bac38cde8d825147bccf39e54fd8c2839486a81a4a337391920aad6edaf9602e2af972491944833e52

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55701.exe

Filesize
468KB

MD5
98440bc46f6c1a0dba4fe9e3dca38025

SHA1
c6c0bb171fde12443c6eb00cdd5ebcc119ee2d47

SHA256
3d5816ead75efea32dbd0b0724f71d5faf0ff0bcbf4143ff849215d138adec34

SHA512
9b85ba4a3a439d6d0060664fb56ed251de3650f6272afe6d69920be4b9bbfa4e1458c07d815fbb9f3c3cca52242eb7d30401d168c02e1c6fb50a1be723879d76

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe

Filesize
468KB

MD5
2dc5b87813bd5f5b0b326873535b8a33

SHA1
013657aded4c9b505a2d82ab756614a51b3c4089

SHA256
35a0b87787e4d9f5e35cc4d51f2ded047c834425e4b5720d21ad50c5781ea9a7

SHA512
a4cfa5ee77a2ad6c584024293eb83fe983069ee35a7071d4744525b2c441dff83d0526cb42b6e6154016a5b1f50bad33093de3104891054ce36d0f26ad44f445

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58830.exe

Filesize
468KB

MD5
29422ac0681192a3057e751bd3da1e90

SHA1
b02fd8ad18d7816a9bc81b2b48a7082f73716499

SHA256
f4f8925992db36526fdb159f2447fbc5d5a6246477f5f3e6248468ab8baa5587

SHA512
52fdc31ce91b92265d8d3877535f589456c0a3b384e2bf1192c8dec010d66c5ccae6152fa4e53439e269fe9780e8156ef60ebe9b3c8d4d8683de2f8fe66ccc27

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9027.exe

Filesize
468KB

MD5
c3e54d74723725ee90917004f7dc7d67

SHA1
e1e2e8c166cb86947d8ea5d4098a367b43b27d99

SHA256
d632ab530a8ff6a35b7ae50289780082789ff9051fdedc7488369245e28ed58b

SHA512
109d94edecf691721a7e29f122b6f41afc8bbc6bfc5b3fb3b73d03d991e1ffc24b1762f563642324373000f41e0c455f955c9a686d5c4fa0e6f56d232b29d588

Download Submit