a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179

Analysis

max time kernel
115s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe
Size

468KB
MD5

99096b1066c6afc5b65172e16f2ea0e0
SHA1

b11e874c3c88983a4b66f8dd6c9e547c31c83a1b
SHA256

a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179
SHA512

7ad25b1ddf52542ef08b3dfdd73b45a7f6fc8e6fe9bfbd5d0fefe50a6ed9a00454b8918a09991e6f0539dd0886765380c0404f1419683df901799cb284f16702
SSDEEP

3072:ZnCpovIwUf5/5bYAPgc5Of8nE5RhNIXPlmHoxS6seFfwGl9uGElN:ZnAoIB/5LPV5Ofr2h4eF4a9uG

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2648	Unicorn-46780.exe
2780	Unicorn-40641.exe
2696	Unicorn-16691.exe
2592	Unicorn-61144.exe
2720	Unicorn-46846.exe
2576	Unicorn-6489.exe
1452	Unicorn-52161.exe
2112	Unicorn-64818.exe
2156	Unicorn-1974.exe
2144	Unicorn-9395.exe
548	Unicorn-36038.exe
556	Unicorn-29907.exe
2076	Unicorn-59727.exe
1756	Unicorn-29598.exe
2140	Unicorn-8072.exe
1688	Unicorn-9918.exe
1372	Unicorn-61165.exe
2920	Unicorn-41321.exe
2184	Unicorn-17371.exe
1188	Unicorn-4372.exe
880	Unicorn-59795.exe
2440	Unicorn-18854.exe
1968	Unicorn-45960.exe
996	Unicorn-31015.exe
1276	Unicorn-9011.exe
2224	Unicorn-16167.exe
2204	Unicorn-38991.exe
1760	Unicorn-13724.exe
1716	Unicorn-28576.exe
2400	Unicorn-45467.exe
2324	Unicorn-2509.exe
2172	Unicorn-20718.exe
1712	Unicorn-6977.exe
2764	Unicorn-21267.exe
2768	Unicorn-23314.exe
2760	Unicorn-23314.exe
2772	Unicorn-36120.exe
2664	Unicorn-2793.exe
2860	Unicorn-4647.exe
2628	Unicorn-16905.exe
2644	Unicorn-5970.exe
2728	Unicorn-64730.exe
1136	Unicorn-50075.exe
1836	Unicorn-23698.exe
2836	Unicorn-11345.exe
2420	Unicorn-39842.exe
1592	Unicorn-39842.exe
360	Unicorn-39842.exe
2736	Unicorn-39842.exe
1672	Unicorn-59639.exe
2216	Unicorn-19483.exe
1656	Unicorn-56240.exe
568	Unicorn-21429.exe
788	Unicorn-18543.exe
2176	Unicorn-23397.exe
2136	Unicorn-44564.exe
2360	Unicorn-58207.exe
3036	Unicorn-49277.exe
1740	Unicorn-40287.exe
1924	Unicorn-56645.exe
1036	Unicorn-9482.exe
2996	Unicorn-26281.exe
1088	Unicorn-48840.exe
2256	Unicorn-46723.exe

Loads dropped DLL 64 IoCs

pid	Process
2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe
2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe
2648	Unicorn-46780.exe
2648	Unicorn-46780.exe
2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe
2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe
2696	Unicorn-16691.exe
2696	Unicorn-16691.exe
2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe
2648	Unicorn-46780.exe
2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe
2780	Unicorn-40641.exe
2648	Unicorn-46780.exe
2780	Unicorn-40641.exe
1248	WerFault.exe
1248	WerFault.exe
1248	WerFault.exe
1248	WerFault.exe
1248	WerFault.exe
1248	WerFault.exe
1248	WerFault.exe
1248	WerFault.exe
1248	WerFault.exe
2576	Unicorn-6489.exe
2576	Unicorn-6489.exe
2780	Unicorn-40641.exe
2780	Unicorn-40641.exe
1452	Unicorn-52161.exe
1452	Unicorn-52161.exe
2648	Unicorn-46780.exe
2592	Unicorn-61144.exe
2648	Unicorn-46780.exe
2592	Unicorn-61144.exe
2696	Unicorn-16691.exe
2696	Unicorn-16691.exe
2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe
2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe
2156	Unicorn-1974.exe
2156	Unicorn-1974.exe
2780	Unicorn-40641.exe
2780	Unicorn-40641.exe
548	Unicorn-36038.exe
548	Unicorn-36038.exe
2076	Unicorn-59727.exe
2592	Unicorn-61144.exe
2076	Unicorn-59727.exe
2592	Unicorn-61144.exe
2112	Unicorn-64818.exe
556	Unicorn-29907.exe
2696	Unicorn-16691.exe
2576	Unicorn-6489.exe
2112	Unicorn-64818.exe
556	Unicorn-29907.exe
2696	Unicorn-16691.exe
2576	Unicorn-6489.exe
2144	Unicorn-9395.exe
2144	Unicorn-9395.exe
1452	Unicorn-52161.exe
1452	Unicorn-52161.exe
2648	Unicorn-46780.exe
2648	Unicorn-46780.exe
1756	Unicorn-29598.exe
1756	Unicorn-29598.exe
2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1248	2720	WerFault.exe	34

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23039.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe
2648	Unicorn-46780.exe
2780	Unicorn-40641.exe
2696	Unicorn-16691.exe
2720	Unicorn-46846.exe
1452	Unicorn-52161.exe
2576	Unicorn-6489.exe
2592	Unicorn-61144.exe
2156	Unicorn-1974.exe
548	Unicorn-36038.exe
2144	Unicorn-9395.exe
2112	Unicorn-64818.exe
556	Unicorn-29907.exe
2076	Unicorn-59727.exe
1756	Unicorn-29598.exe
2140	Unicorn-8072.exe
1688	Unicorn-9918.exe
2184	Unicorn-17371.exe
2920	Unicorn-41321.exe
1372	Unicorn-61165.exe
1188	Unicorn-4372.exe
880	Unicorn-59795.exe
996	Unicorn-31015.exe
2440	Unicorn-18854.exe
1276	Unicorn-9011.exe
1968	Unicorn-45960.exe
2224	Unicorn-16167.exe
2204	Unicorn-38991.exe
1760	Unicorn-13724.exe
1716	Unicorn-28576.exe
2400	Unicorn-45467.exe
2324	Unicorn-2509.exe
2172	Unicorn-20718.exe
1712	Unicorn-6977.exe
2764	Unicorn-21267.exe
2760	Unicorn-23314.exe
2772	Unicorn-36120.exe
2664	Unicorn-2793.exe
2628	Unicorn-16905.exe
2860	Unicorn-4647.exe
2728	Unicorn-64730.exe
2644	Unicorn-5970.exe
1136	Unicorn-50075.exe
1836	Unicorn-23698.exe
2420	Unicorn-39842.exe
2836	Unicorn-11345.exe
360	Unicorn-39842.exe
1592	Unicorn-39842.exe
2736	Unicorn-39842.exe
1672	Unicorn-59639.exe
2216	Unicorn-19483.exe
1656	Unicorn-56240.exe
788	Unicorn-18543.exe
568	Unicorn-21429.exe
2176	Unicorn-23397.exe
2136	Unicorn-44564.exe
3036	Unicorn-49277.exe
2360	Unicorn-58207.exe
1740	Unicorn-40287.exe
1924	Unicorn-56645.exe
1036	Unicorn-9482.exe
1088	Unicorn-48840.exe
2996	Unicorn-26281.exe
2256	Unicorn-46723.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2648	2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe	30
PID 2876 wrote to memory of 2648	2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe	30
PID 2876 wrote to memory of 2648	2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe	30
PID 2876 wrote to memory of 2648	2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe	30
PID 2648 wrote to memory of 2780	2648	Unicorn-46780.exe	31
PID 2648 wrote to memory of 2780	2648	Unicorn-46780.exe	31
PID 2648 wrote to memory of 2780	2648	Unicorn-46780.exe	31
PID 2648 wrote to memory of 2780	2648	Unicorn-46780.exe	31
PID 2876 wrote to memory of 2696	2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe	32
PID 2876 wrote to memory of 2696	2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe	32
PID 2876 wrote to memory of 2696	2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe	32
PID 2876 wrote to memory of 2696	2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe	32
PID 2696 wrote to memory of 2592	2696	Unicorn-16691.exe	33
PID 2696 wrote to memory of 2592	2696	Unicorn-16691.exe	33
PID 2696 wrote to memory of 2592	2696	Unicorn-16691.exe	33
PID 2696 wrote to memory of 2592	2696	Unicorn-16691.exe	33
PID 2876 wrote to memory of 2720	2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe	34
PID 2876 wrote to memory of 2720	2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe	34
PID 2876 wrote to memory of 2720	2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe	34
PID 2876 wrote to memory of 2720	2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe	34
PID 2648 wrote to memory of 1452	2648	Unicorn-46780.exe	35
PID 2648 wrote to memory of 1452	2648	Unicorn-46780.exe	35
PID 2648 wrote to memory of 1452	2648	Unicorn-46780.exe	35
PID 2648 wrote to memory of 1452	2648	Unicorn-46780.exe	35
PID 2780 wrote to memory of 2576	2780	Unicorn-40641.exe	36
PID 2780 wrote to memory of 2576	2780	Unicorn-40641.exe	36
PID 2780 wrote to memory of 2576	2780	Unicorn-40641.exe	36
PID 2780 wrote to memory of 2576	2780	Unicorn-40641.exe	36
PID 2720 wrote to memory of 1248	2720	Unicorn-46846.exe	37
PID 2720 wrote to memory of 1248	2720	Unicorn-46846.exe	37
PID 2720 wrote to memory of 1248	2720	Unicorn-46846.exe	37
PID 2720 wrote to memory of 1248	2720	Unicorn-46846.exe	37
PID 2576 wrote to memory of 2112	2576	Unicorn-6489.exe	38
PID 2576 wrote to memory of 2112	2576	Unicorn-6489.exe	38
PID 2576 wrote to memory of 2112	2576	Unicorn-6489.exe	38
PID 2576 wrote to memory of 2112	2576	Unicorn-6489.exe	38
PID 2780 wrote to memory of 2156	2780	Unicorn-40641.exe	39
PID 2780 wrote to memory of 2156	2780	Unicorn-40641.exe	39
PID 2780 wrote to memory of 2156	2780	Unicorn-40641.exe	39
PID 2780 wrote to memory of 2156	2780	Unicorn-40641.exe	39
PID 1452 wrote to memory of 2144	1452	Unicorn-52161.exe	40
PID 1452 wrote to memory of 2144	1452	Unicorn-52161.exe	40
PID 1452 wrote to memory of 2144	1452	Unicorn-52161.exe	40
PID 1452 wrote to memory of 2144	1452	Unicorn-52161.exe	40
PID 2648 wrote to memory of 556	2648	Unicorn-46780.exe	41
PID 2648 wrote to memory of 556	2648	Unicorn-46780.exe	41
PID 2648 wrote to memory of 556	2648	Unicorn-46780.exe	41
PID 2648 wrote to memory of 556	2648	Unicorn-46780.exe	41
PID 2592 wrote to memory of 548	2592	Unicorn-61144.exe	42
PID 2592 wrote to memory of 548	2592	Unicorn-61144.exe	42
PID 2592 wrote to memory of 548	2592	Unicorn-61144.exe	42
PID 2592 wrote to memory of 548	2592	Unicorn-61144.exe	42
PID 2696 wrote to memory of 2076	2696	Unicorn-16691.exe	43
PID 2696 wrote to memory of 2076	2696	Unicorn-16691.exe	43
PID 2696 wrote to memory of 2076	2696	Unicorn-16691.exe	43
PID 2696 wrote to memory of 2076	2696	Unicorn-16691.exe	43
PID 2876 wrote to memory of 1756	2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe	44
PID 2876 wrote to memory of 1756	2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe	44
PID 2876 wrote to memory of 1756	2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe	44
PID 2876 wrote to memory of 1756	2876	a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe	44
PID 2156 wrote to memory of 2140	2156	Unicorn-1974.exe	45
PID 2156 wrote to memory of 2140	2156	Unicorn-1974.exe	45
PID 2156 wrote to memory of 2140	2156	Unicorn-1974.exe	45
PID 2156 wrote to memory of 2140	2156	Unicorn-1974.exe	45

C:\Users\Admin\AppData\Local\Temp\a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe
"C:\Users\Admin\AppData\Local\Temp\a7765f4ccb8822d10df03376e018075b459b3a4f2f6080792d03868b42d04179N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59795.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
        8⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23147.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        8⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60959.exe
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        7⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
        7⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        6⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        6⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58820.exe
        8⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37252.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        7⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37035.exe
        7⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
        7⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        6⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        6⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
        6⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11345.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62758.exe
        6⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
        7⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21264.exe
        7⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        6⤵
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        6⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
        6⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1424.exe
        5⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56350.exe
        6⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
        5⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        5⤵
        
        PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8072.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28576.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37035.exe
        7⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        7⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        6⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
        6⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        6⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        7⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
        7⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        6⤵
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60039.exe
        6⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9482.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        6⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
        6⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30968.exe
        5⤵
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62223.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37566.exe
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39247.exe
        5⤵
        
        PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
        6⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        7⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        7⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24477.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        6⤵
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        6⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        6⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
        5⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35779.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        5⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
        5⤵
        
        PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20718.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23397.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3168.exe
        6⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        7⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60959.exe
        7⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        6⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9115.exe
        6⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6525.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe
        5⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57621.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
        6⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10066.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
        5⤵
        
        PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
        5⤵
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
      4⤵
      PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48676.exe
      4⤵
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
      4⤵
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40357.exe
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
      4⤵
      PID:4724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52161.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        7⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
        7⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26070.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        7⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        6⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        6⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        6⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
        6⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59639.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30278.exe
        6⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40216.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
        7⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17024.exe
        7⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        6⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9119.exe
        5⤵
        
        PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
        5⤵
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        5⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6977.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46723.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24844.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39836.exe
        7⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34103.exe
        7⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        6⤵
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9324.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
        6⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
        6⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        5⤵
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16113.exe
        5⤵
        
        PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21267.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42447.exe
        5⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        5⤵
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53315.exe
        5⤵
        
        PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        5⤵
        
        PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
      4⤵
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        5⤵
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
        5⤵
        
        PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
      4⤵
      PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10596.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
      4⤵
      PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
      4⤵
      PID:4688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29907.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57725.exe
        6⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17180.exe
        6⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        5⤵
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        5⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        5⤵
        
        PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56240.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        5⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23452.exe
        5⤵
        
        PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20308.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
        5⤵
        
        PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
      4⤵
      PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5607.exe
      4⤵
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63319.exe
        5⤵
        
        PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
      4⤵
      PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
      4⤵
      PID:4184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4647.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1689.exe
        5⤵
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        5⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        5⤵
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
        5⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
        5⤵
        
        PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44585.exe
      4⤵
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        5⤵
        
        PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
      4⤵
      PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19277.exe
      4⤵
      PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
      4⤵
      PID:4412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
        5⤵
        
        PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52223.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44461.exe
        5⤵
        
        PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
      4⤵
      PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
      4⤵
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
      4⤵
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
      4⤵
      PID:4796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41760.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
      4⤵
      PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52800.exe
      4⤵
      PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
      4⤵
      PID:4604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22832.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61956.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
    3⤵
    PID:3448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14900.exe
    3⤵
    PID:4120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41103.exe
    3⤵
    PID:4304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36038.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61165.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41207.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61980.exe
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8359.exe
        7⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        6⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        6⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe
        6⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35416.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33032.exe
        6⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        5⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        5⤵
        
        PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23053.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
        5⤵
        
        PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
        5⤵
        Executes dropped EXE
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        6⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
        6⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52073.exe
        6⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        5⤵
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42748.exe
        5⤵
        
        PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
        5⤵
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
        5⤵
        
        PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        5⤵
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        5⤵
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
        5⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8359.exe
        5⤵
        
        PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-450.exe
      4⤵
      PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8004.exe
      4⤵
      PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3477.exe
      4⤵
      PID:4460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        6⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        6⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        6⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13128.exe
        6⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
        5⤵
        
        PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32831.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
      4⤵
      PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6634.exe
      4⤵
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
      4⤵
      PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42272.exe
      4⤵
      PID:4756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        5⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        6⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        6⤵
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        6⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
        6⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        6⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        5⤵
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
        5⤵
        
        PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63697.exe
      4⤵
      PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
      4⤵
      PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
      4⤵
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
      4⤵
      PID:4848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
      4⤵
      PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38596.exe
      4⤵
      PID:4680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2977.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
    3⤵
    PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
    3⤵
    PID:4040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
    3⤵
    PID:3692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12065.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46846.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46846.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 200
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        5⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        5⤵
        
        PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        5⤵
        
        PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
      4⤵
      PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
      4⤵
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
      4⤵
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10272.exe
      4⤵
      PID:4584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19483.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
      4⤵
      PID:4952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
    3⤵
    PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
    3⤵
    PID:3916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
    3⤵
    PID:4868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
    3⤵
    PID:628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
    3⤵
    PID:3536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
    3⤵
    PID:3936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
    3⤵
    PID:4840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
    3⤵
    PID:2244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27994.exe
    3⤵
    PID:3928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe
    3⤵
    PID:3832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe
    3⤵
    PID:5028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22832.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22832.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27145.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27145.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
  2⤵
  PID:3668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52725.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52725.exe
  2⤵
  PID:4224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
  2⤵
  PID:4676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe

Filesize
468KB

MD5
248bac3a039a626858a207d59a30d65c

SHA1
056683bb044c2b414a18b59aa069d27d9e0ac75f

SHA256
ed326904a974def254390c2cb420259d83dbe913736e89ed9d1fb8b2b2689c00

SHA512
8b81f4a3ec74ba1ab2c1a0cdbcea992824b0a14bb55fbfc9eb2be85b470c51df160eca2c949881d0b7fc70d2da2fc86b39f6d5576c2858124c780269fe8b5e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe

Filesize
468KB

MD5
b86270969505fc83138bcd56e972a1a0

SHA1
40b885f620f7102058fe77c3f12e42582b869381

SHA256
0dc249d2fd7b1fc86e9c265b01802db0fb2f76bc6ef216180bc9be0a2ce87b67

SHA512
647598f9af1ebf9b499a28683f3b3ec1a7f233cce7ae19a25e6b11d1d07898488b876b06fb22f2c295ee751ba6bb1b1eed6c5b26e685d44904243962a5e2f46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35779.exe

Filesize
468KB

MD5
d67ba6ee4a9f3ab92a5c23e0eb858a42

SHA1
c8a04b46989f7e49cc1496cc40c7b7af06d8b6b0

SHA256
78930e7a7df955a96f795c7cac79effffa1c025d9dd6445e3df474ea8ece614f

SHA512
f95a69841fe7042b5f9fe3a3475615917b7cf659d2e03d786c12d8ab44b1dbd5512174f6307132a075150c523c839062a0f4aec4c3bd0b525c6cad3e8ef65eb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe

Filesize
468KB

MD5
9a2b450cb3e1e4feb2bbf0615c80f5c4

SHA1
146d2faf043cc6673ab6db6c1d9130e580b7eb8f

SHA256
f1eb8ea2cb8cbd4b7f0adac356a0db4665d860fefdd5fe7e2416f36d6972dd28

SHA512
3f6a7a81d82d7b24d763eb15ab202b6f03dfc172cca80e23adb04fb00420e56bc3acd424bc97a1149cb05020e3ef352e5af6a6a24064aecf4a9d8a7b6800542f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe

Filesize
468KB

MD5
378a819053b07eb835c812ee6787167b

SHA1
baf5e0deb70ace8f9a672e44539a209960318bd8

SHA256
6c25a3db71c88c1bca4cd1eb5662973758939e5cfd553f4d49530ba5b8bf9574

SHA512
bb11529fb1f3802fb05d240284aecefe085c5d7feb2e661f552e90e7aa3e54196e54770c6d770fb808af02de9038e585f36069ef19f19085eb4126e63483d9d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52161.exe

Filesize
468KB

MD5
3e8f7fc6c1da659dc9ed67575f88e887

SHA1
c2c52fc1cf78a355757009040a0a6a0f89334ba2

SHA256
93a1461a9467978a409717b9515a5651ca8d5c99821566fa3dab68435fabca56

SHA512
295671873f679645465d25338ba52d9cb8b925c0db244ae70f7f7982a1d15d0ab518cf388cf34909dd9a827c82704ab7323e050063f610fe47c3478e9a959578

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe

Filesize
468KB

MD5
9121d9fd853b2d7e30bc54c066a4cda1

SHA1
d06d668d9909fe8a65275b302792a7f7347c7c2f

SHA256
10b0a52a152b5058903a783f6c7e9962bb77877b61cd24cf7a0457f210757776

SHA512
c94fb9793dea6929ec78e966628725371f94b8c496dd57c77622149983453802c849d7b16a2a712eaaec4d5c69c64173c0aabfbf3e61b4a3ba7ab503e233b9a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe

Filesize
468KB

MD5
b6b2ec25275bbdb42aa358b3ba50bba7

SHA1
9ed734e6c7e9abbfc5d6f9a9bfeea6f5a150ec15

SHA256
da7e43a6a0876b5f764dbe6a888b3a63b0df7056cb7dcadab1ea6204685ac5b1

SHA512
c2581f5deb0bf9f003e00d03fa3bdaf016de44f047a22472033060ff8bf0dd253842c9547d27a0f2dba4bcf0fd21e39c0e979f2eca89d27128e7f1b296fdd36f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29907.exe

Filesize
468KB

MD5
11cb9c2b0d45c550fa4e53e5e6996c1d

SHA1
6a2733c5720703c56bd95889084cdd9846041ed7

SHA256
0b859cc4fa3b3418c8ead80c91a8122804b6686cf0ac70cf6c1f1921c06c7a8e

SHA512
b63535e237a8e0651190463e46d7f7c0ebea4aede3f5f6024d7524b3a377d4eccf6bbff3dec655f32d7cccddf1d2c22ba9511c4a13d993c3b80c951fcc20164d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36038.exe

Filesize
468KB

MD5
3181a01978ec9786de56ad9cabf917c9

SHA1
12c873298018e3a1ba6dd76b10fdc54f9be94b36

SHA256
386cf27305a54175d0d1b872b45abac35c252f22c431efa527e4bdf8fb84c96e

SHA512
4261d8cf853182e1aebe7fb5da66fe735ecc6f65aa24502aabc894f78780573d3843c0372627148cf59ae854532c24dcd18ead9fecec7cb784d7659bd8ad4849

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe

Filesize
468KB

MD5
448f15a22f08471dc44b1b067e3087b6

SHA1
7dda11f64328b6cd30c9b861e4a7b9b956fbe588

SHA256
25a5507d55ae8ae81ca98c82188908297180adc443b37dd7db9b8f90105e3628

SHA512
b291305ce31a57b578b9ea064a051c533f6abebb36639ecb66428f734756547400dd07dfbe60bf5de4c5913d23ef81bb1ac1db5808ae2ecd2922ee04978b7706

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe

Filesize
468KB

MD5
c6ed6a297583555ff38aa99c6a927842

SHA1
bac162fdfc4bf6b3247c19160c2d86cfbba51ac0

SHA256
726d5a4a58e5f2bbc2d81bb130d47ca93289a4be59806799c134e590faf91748

SHA512
f8681846bdd4c90fc248f124c6bbd53549448eba7847d45f3a09b86d764f6d5b9fd2bbc0295cf9cb266bedca935b5a93bae957c89d160a193bb4cc1d34a3ae0b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46846.exe

Filesize
468KB

MD5
e0f5fdf10c40cb4d27d04fdad6263f59

SHA1
fd9c90a49da9815c3bc2613684b6af8ed674de8d

SHA256
86387108f534115779b2677253e072eb6d548e22fd26ddb68faffd81c9b74ff8

SHA512
a730025cc1bc79ad7698fde1bab20c881c128ae7671cd473b8d85ee70ea53e77fe27f59d8ac5a4bea80bbef24a368d8813026d9c29d8dc27bb92ae6e0f9b71eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe

Filesize
468KB

MD5
5c17598e8c9b9e715bbb8492150930be

SHA1
2ed466c8c9aff92027ba56f185021efc3da166e3

SHA256
91522bae14aa29ff0a60b723643709a9cf78eace1fd43d2594175fd276f6b2b4

SHA512
544339371f7920dc2e4280e541907e7f72e4fb249de171cfd2fbcf7b4430d38a22b77d6543b0084dccc1204fc2a9c4c710c32a74dfbcc8a7e0beb95a65d8f2b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe

Filesize
468KB

MD5
b87d0882da387e95cf2392f129012cff

SHA1
f640e1c64d9e95de4242565f0958c1ecf0a3b265

SHA256
e791356e255054ce9b481bed3990a9a1f3a3640c71ad651d2600a79e255e83c0

SHA512
c793dcaaa5895424bc2056377579266ca8c4d31b1a96b46b87e7c2a05f5c95f1c6658acc3c4f1bf0c70f1f831bd00611316546584f435e804322bb93d0299332

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe

Filesize
468KB

MD5
179150ee90cf940d41ec45c475b371bc

SHA1
74f4e97c040a3b1795f6541eb00a622ca716881b

SHA256
0bab83fc7f09ed40a9b1d5c6cc1a3b936ac9a6bffe88541c00ae344381e09476

SHA512
16512036cf1cde81a94c650cedcbefe3a1700de3008f2d537a24004ce78c7d7aca3a2591ad75d2db36e1ae09a56b0fa2dc3656543cc69a4fafd9c11bd44eb6b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8072.exe

Filesize
468KB

MD5
8927eb5ea6541e78d1020da74b536270

SHA1
04b79e1ecdda2e5da68776b8be00b330f32c3d2d

SHA256
7852423bb04e925ec5e7d977d1dfa23e772727fa50771a86f736a2369f8682ee

SHA512
02e0ee91185514ade55fd22df96973fba3823018cea6d13ff80d8cd3914cf7d506e2d70df45cfd775875b7687abd6b832e9aef7e745b1114846527dc58d6cd23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe

Filesize
468KB

MD5
cd665acadaf30a126c1ef249521c24dc

SHA1
0bd9db8eb9fcb6233361300ae0fbc3e6abbc9abc

SHA256
1fb42180a7060185d7c6c772a19ef87925df2c54cd2a08f77cf7d2f0833a7145

SHA512
988efe5a844e2b768497ac0c89c1d495edc9b6e8b2f8629e8aa1ac2495652d22057cca0b43a752fa15368d9b4fa57dfd655e353b4fd3ec9fb8be29b694f1d5b9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe

Filesize
468KB

MD5
1e784b77fdc3da8cc66049dcd243c6b9

SHA1
46f865e52046c793d157a7c5c891d182b2d8118a

SHA256
54a26fb8b519e764a04c3eeabd8cd7efa313e1fc4ed200567d97cc78fed7d549

SHA512
5b3b98118c0f695d02a3b5c2a5e7902b04ee05806a11e510ef8b6b0ecb7758c03012af5546fbc6f4657764df3d6da6aeda87b651a1f020d2d255c407995b7e2e

Download Submit