854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18ae

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe
Size

468KB
MD5

8ae2a5c58b0e94731c6d1e6d4380a170
SHA1

187aebe747b241b7dfb977e9bb9541e55bfd2025
SHA256

854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18ae
SHA512

6a5d10437e600bf8e3eb09850adbe8dcd306d41ca8294b09960270c04ef4c9fc9ebaf59bb94443fa3704bd2bd32438aa365243c8b5175088ba78645629cf1b48
SSDEEP

3072:OQoHogIKI05QtbYJHzcOcfr/GChzqop9nLHeaVPd1wup1Xjg/OlK:OQIoD8QtOH4OcfQUQw1wytjg/

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2712	Unicorn-56143.exe
3028	Unicorn-10123.exe
2880	Unicorn-19038.exe
2516	Unicorn-32018.exe
2696	Unicorn-44270.exe
2504	Unicorn-38140.exe
1616	Unicorn-32764.exe
1924	Unicorn-36159.exe
2148	Unicorn-35884.exe
2908	Unicorn-35884.exe
564	Unicorn-57326.exe
2480	Unicorn-57326.exe
1628	Unicorn-11654.exe
2392	Unicorn-11389.exe
1204	Unicorn-40034.exe
2092	Unicorn-24805.exe
3004	Unicorn-45396.exe
2984	Unicorn-1068.exe
2876	Unicorn-33933.exe
2328	Unicorn-25002.exe
1636	Unicorn-91.exe
1132	Unicorn-18282.exe
1180	Unicorn-10668.exe
892	Unicorn-42786.exe
548	Unicorn-1945.exe
816	Unicorn-5764.exe
1776	Unicorn-1753.exe
2676	Unicorn-61160.exe
1492	Unicorn-43148.exe
2292	Unicorn-56766.exe
972	Unicorn-3844.exe
2368	Unicorn-20503.exe
2308	Unicorn-56749.exe
2444	Unicorn-5318.exe
1580	Unicorn-1597.exe
3032	Unicorn-34077.exe
3016	Unicorn-53943.exe
2528	Unicorn-15140.exe
2852	Unicorn-5125.exe
2492	Unicorn-51011.exe
2628	Unicorn-46735.exe
2564	Unicorn-10533.exe
2512	Unicorn-62806.exe
904	Unicorn-43205.exe
920	Unicorn-7923.exe
2224	Unicorn-7923.exe
2208	Unicorn-46718.exe
1744	Unicorn-37066.exe
844	Unicorn-28344.exe
2896	Unicorn-24260.exe
2040	Unicorn-28514.exe
1932	Unicorn-36682.exe
2076	Unicorn-23876.exe
264	Unicorn-4498.exe
1748	Unicorn-25184.exe
1716	Unicorn-20908.exe
2312	Unicorn-14777.exe
2108	Unicorn-14585.exe
1556	Unicorn-4187.exe
1208	Unicorn-5454.exe
940	Unicorn-47249.exe
1592	Unicorn-6771.exe
1648	Unicorn-65239.exe
1792	Unicorn-26445.exe

Loads dropped DLL 64 IoCs

pid	Process
2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe
2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe
2712	Unicorn-56143.exe
2712	Unicorn-56143.exe
2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe
2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe
2880	Unicorn-19038.exe
2880	Unicorn-19038.exe
3028	Unicorn-10123.exe
2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe
2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe
2712	Unicorn-56143.exe
3028	Unicorn-10123.exe
2712	Unicorn-56143.exe
2696	Unicorn-44270.exe
2696	Unicorn-44270.exe
2516	Unicorn-32018.exe
2504	Unicorn-38140.exe
2516	Unicorn-32018.exe
2504	Unicorn-38140.exe
3028	Unicorn-10123.exe
1616	Unicorn-32764.exe
3028	Unicorn-10123.exe
1616	Unicorn-32764.exe
2880	Unicorn-19038.exe
2880	Unicorn-19038.exe
2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe
2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe
2712	Unicorn-56143.exe
2712	Unicorn-56143.exe
1924	Unicorn-36159.exe
1924	Unicorn-36159.exe
2696	Unicorn-44270.exe
2696	Unicorn-44270.exe
2392	Unicorn-11389.exe
2392	Unicorn-11389.exe
2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe
2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe
2480	Unicorn-57326.exe
2480	Unicorn-57326.exe
2880	Unicorn-19038.exe
2880	Unicorn-19038.exe
2148	Unicorn-35884.exe
2148	Unicorn-35884.exe
2504	Unicorn-38140.exe
2504	Unicorn-38140.exe
1204	Unicorn-40034.exe
1204	Unicorn-40034.exe
564	Unicorn-57326.exe
564	Unicorn-57326.exe
2712	Unicorn-56143.exe
2712	Unicorn-56143.exe
1628	Unicorn-11654.exe
1628	Unicorn-11654.exe
3028	Unicorn-10123.exe
3028	Unicorn-10123.exe
2516	Unicorn-32018.exe
2516	Unicorn-32018.exe
2092	Unicorn-24805.exe
2092	Unicorn-24805.exe
1924	Unicorn-36159.exe
1924	Unicorn-36159.exe
3004	Unicorn-45396.exe
3004	Unicorn-45396.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32032.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49278.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50567.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe
2712	Unicorn-56143.exe
3028	Unicorn-10123.exe
2880	Unicorn-19038.exe
2516	Unicorn-32018.exe
2696	Unicorn-44270.exe
2504	Unicorn-38140.exe
1616	Unicorn-32764.exe
1924	Unicorn-36159.exe
2148	Unicorn-35884.exe
2480	Unicorn-57326.exe
564	Unicorn-57326.exe
2392	Unicorn-11389.exe
2908	Unicorn-35884.exe
1628	Unicorn-11654.exe
1204	Unicorn-40034.exe
2092	Unicorn-24805.exe
3004	Unicorn-45396.exe
2984	Unicorn-1068.exe
2328	Unicorn-25002.exe
2876	Unicorn-33933.exe
1636	Unicorn-91.exe
1180	Unicorn-10668.exe
548	Unicorn-1945.exe
1132	Unicorn-18282.exe
892	Unicorn-42786.exe
2676	Unicorn-61160.exe
1776	Unicorn-1753.exe
816	Unicorn-5764.exe
1492	Unicorn-43148.exe
972	Unicorn-3844.exe
2292	Unicorn-56766.exe
2368	Unicorn-20503.exe
2444	Unicorn-5318.exe
2308	Unicorn-56749.exe
1580	Unicorn-1597.exe
3032	Unicorn-34077.exe
3016	Unicorn-53943.exe
2528	Unicorn-15140.exe
2852	Unicorn-5125.exe
2492	Unicorn-51011.exe
2628	Unicorn-46735.exe
2564	Unicorn-10533.exe
904	Unicorn-43205.exe
2208	Unicorn-46718.exe
2512	Unicorn-62806.exe
2224	Unicorn-7923.exe
844	Unicorn-28344.exe
920	Unicorn-7923.exe
2896	Unicorn-24260.exe
1744	Unicorn-37066.exe
2040	Unicorn-28514.exe
1932	Unicorn-36682.exe
2076	Unicorn-23876.exe
1748	Unicorn-25184.exe
264	Unicorn-4498.exe
1716	Unicorn-20908.exe
2312	Unicorn-14777.exe
1556	Unicorn-4187.exe
2108	Unicorn-14585.exe
1648	Unicorn-65239.exe
1592	Unicorn-6771.exe
1792	Unicorn-26445.exe
1208	Unicorn-5454.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2712	2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe	30
PID 2724 wrote to memory of 2712	2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe	30
PID 2724 wrote to memory of 2712	2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe	30
PID 2724 wrote to memory of 2712	2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe	30
PID 2712 wrote to memory of 3028	2712	Unicorn-56143.exe	31
PID 2712 wrote to memory of 3028	2712	Unicorn-56143.exe	31
PID 2712 wrote to memory of 3028	2712	Unicorn-56143.exe	31
PID 2712 wrote to memory of 3028	2712	Unicorn-56143.exe	31
PID 2724 wrote to memory of 2880	2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe	32
PID 2724 wrote to memory of 2880	2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe	32
PID 2724 wrote to memory of 2880	2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe	32
PID 2724 wrote to memory of 2880	2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe	32
PID 2880 wrote to memory of 2516	2880	Unicorn-19038.exe	33
PID 2880 wrote to memory of 2516	2880	Unicorn-19038.exe	33
PID 2880 wrote to memory of 2516	2880	Unicorn-19038.exe	33
PID 2880 wrote to memory of 2516	2880	Unicorn-19038.exe	33
PID 2724 wrote to memory of 2504	2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe	35
PID 2724 wrote to memory of 2504	2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe	35
PID 2724 wrote to memory of 2504	2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe	35
PID 2724 wrote to memory of 2504	2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe	35
PID 3028 wrote to memory of 2696	3028	Unicorn-10123.exe	34
PID 3028 wrote to memory of 2696	3028	Unicorn-10123.exe	34
PID 3028 wrote to memory of 2696	3028	Unicorn-10123.exe	34
PID 3028 wrote to memory of 2696	3028	Unicorn-10123.exe	34
PID 2712 wrote to memory of 1616	2712	Unicorn-56143.exe	36
PID 2712 wrote to memory of 1616	2712	Unicorn-56143.exe	36
PID 2712 wrote to memory of 1616	2712	Unicorn-56143.exe	36
PID 2712 wrote to memory of 1616	2712	Unicorn-56143.exe	36
PID 2696 wrote to memory of 1924	2696	Unicorn-44270.exe	37
PID 2696 wrote to memory of 1924	2696	Unicorn-44270.exe	37
PID 2696 wrote to memory of 1924	2696	Unicorn-44270.exe	37
PID 2696 wrote to memory of 1924	2696	Unicorn-44270.exe	37
PID 2516 wrote to memory of 2908	2516	Unicorn-32018.exe	38
PID 2516 wrote to memory of 2908	2516	Unicorn-32018.exe	38
PID 2516 wrote to memory of 2908	2516	Unicorn-32018.exe	38
PID 2516 wrote to memory of 2908	2516	Unicorn-32018.exe	38
PID 2504 wrote to memory of 2148	2504	Unicorn-38140.exe	39
PID 2504 wrote to memory of 2148	2504	Unicorn-38140.exe	39
PID 2504 wrote to memory of 2148	2504	Unicorn-38140.exe	39
PID 2504 wrote to memory of 2148	2504	Unicorn-38140.exe	39
PID 3028 wrote to memory of 564	3028	Unicorn-10123.exe	41
PID 3028 wrote to memory of 564	3028	Unicorn-10123.exe	41
PID 3028 wrote to memory of 564	3028	Unicorn-10123.exe	41
PID 3028 wrote to memory of 564	3028	Unicorn-10123.exe	41
PID 1616 wrote to memory of 1628	1616	Unicorn-32764.exe	40
PID 1616 wrote to memory of 1628	1616	Unicorn-32764.exe	40
PID 1616 wrote to memory of 1628	1616	Unicorn-32764.exe	40
PID 1616 wrote to memory of 1628	1616	Unicorn-32764.exe	40
PID 2880 wrote to memory of 2480	2880	Unicorn-19038.exe	42
PID 2880 wrote to memory of 2480	2880	Unicorn-19038.exe	42
PID 2880 wrote to memory of 2480	2880	Unicorn-19038.exe	42
PID 2880 wrote to memory of 2480	2880	Unicorn-19038.exe	42
PID 2724 wrote to memory of 2392	2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe	43
PID 2724 wrote to memory of 2392	2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe	43
PID 2724 wrote to memory of 2392	2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe	43
PID 2724 wrote to memory of 2392	2724	854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe	43
PID 2712 wrote to memory of 1204	2712	Unicorn-56143.exe	44
PID 2712 wrote to memory of 1204	2712	Unicorn-56143.exe	44
PID 2712 wrote to memory of 1204	2712	Unicorn-56143.exe	44
PID 2712 wrote to memory of 1204	2712	Unicorn-56143.exe	44
PID 1924 wrote to memory of 2092	1924	Unicorn-36159.exe	45
PID 1924 wrote to memory of 2092	1924	Unicorn-36159.exe	45
PID 1924 wrote to memory of 2092	1924	Unicorn-36159.exe	45
PID 1924 wrote to memory of 2092	1924	Unicorn-36159.exe	45

C:\Users\Admin\AppData\Local\Temp\854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe
"C:\Users\Admin\AppData\Local\Temp\854f8042c06b903e317a25d06395131b440b2036e0c7a9ce35187743c91a18aeN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44270.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        8⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
        8⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        7⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16778.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25929.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
        7⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13978.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14691.exe
        7⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38976.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        7⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        7⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
        7⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10492.exe
        6⤵
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61058.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
        6⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11639.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        7⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
        7⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
        6⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        7⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
        7⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29214.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        7⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19463.exe
        6⤵
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65068.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
        6⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
        6⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        6⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        7⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-442.exe
        7⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        7⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
        6⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
        6⤵
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe
        6⤵
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        6⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44628.exe
        5⤵
        
        PID:676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60649.exe
        5⤵
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59231.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34151.exe
        5⤵
        
        PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45571.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
        7⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31519.exe
        6⤵
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        6⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10682.exe
        6⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe
        6⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
        6⤵
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43205.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50567.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
        6⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63320.exe
        6⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
        5⤵
        
        PID:520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65068.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23876.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39857.exe
        6⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        5⤵
        
        PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        5⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
        5⤵
        
        PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
        5⤵
        
        PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
      4⤵
      PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39527.exe
      4⤵
      PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
      4⤵
      PID:5080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11654.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63557.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
        7⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        6⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        6⤵
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        6⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
        6⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28514.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17823.exe
        6⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15379.exe
        5⤵
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65068.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63850.exe
        5⤵
        
        PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15140.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
        5⤵
        
        PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        5⤵
        
        PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        5⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
      4⤵
      PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
      4⤵
      PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39527.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46517.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42786.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        6⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40036.exe
        7⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        7⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
        7⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        6⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
        6⤵
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        6⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        5⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6307.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        6⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3419.exe
        5⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14461.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe
        5⤵
        
        PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36682.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        5⤵
        
        PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20203.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        5⤵
        
        PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2364.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36633.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
      4⤵
      PID:5044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20171.exe
        5⤵
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        5⤵
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7650.exe
        5⤵
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        5⤵
        
        PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
      4⤵
      PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57823.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        5⤵
        
        PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
      4⤵
      PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
      4⤵
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29289.exe
      4⤵
      PID:4352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5454.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24077.exe
    3⤵
    PID:932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57505.exe
    3⤵
    PID:3236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
    3⤵
    PID:3284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
    3⤵
    PID:3748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
    3⤵
    PID:1120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19038.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19038.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32018.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1597.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
        6⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14805.exe
        6⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41503.exe
        5⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
        6⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11341.exe
        6⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        6⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        5⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47489.exe
        5⤵
        
        PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
        5⤵
        
        PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
        6⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        6⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        6⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        5⤵
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
        5⤵
        
        PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
        5⤵
        
        PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
        5⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22277.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe
        5⤵
        
        PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        5⤵
        
        PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
      4⤵
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
        5⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        5⤵
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        5⤵
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
        5⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52884.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        5⤵
        
        PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4764.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
      4⤵
      PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
      4⤵
      PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36984.exe
      4⤵
      PID:4588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33933.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe
        6⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50567.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31519.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        5⤵
        
        PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20363.exe
        5⤵
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        5⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61834.exe
        5⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
        5⤵
        
        PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
      4⤵
      PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
      4⤵
      PID:1324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
      4⤵
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
      4⤵
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
      4⤵
      PID:4496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6771.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40420.exe
        5⤵
        
        PID:572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        5⤵
        
        PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20717.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
        5⤵
        
        PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
      4⤵
      PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
      4⤵
      PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
      4⤵
      PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
      4⤵
      PID:4208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19394.exe
      4⤵
      PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39780.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
    3⤵
    PID:708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61.exe
    3⤵
    PID:3600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
    3⤵
    PID:3916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28816.exe
    3⤵
    PID:4356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38140.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38140.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        6⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17261.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28805.exe
        6⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
        5⤵
        
        PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        5⤵
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        5⤵
        
        PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        5⤵
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
        5⤵
        
        PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21867.exe
        5⤵
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
        5⤵
        
        PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
      4⤵
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57737.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23370.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
        5⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        5⤵
        
        PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
      4⤵
      PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63179.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15497.exe
      4⤵
      PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
      4⤵
      PID:4464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43077.exe
        5⤵
        
        PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52244.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59733.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
      4⤵
      PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
      4⤵
      PID:4204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41925.exe
      4⤵
      PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61501.exe
      4⤵
      PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
    3⤵
    PID:2464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65068.exe
    3⤵
    PID:3544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
    3⤵
    PID:4032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51598.exe
    3⤵
    PID:4664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11389.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11389.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5318.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe
        5⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        5⤵
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        5⤵
        
        PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
      4⤵
      PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59086.exe
      4⤵
      PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47767.exe
      4⤵
      PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38548.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
      4⤵
      PID:4524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34077.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47249.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29677.exe
      4⤵
      PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
      4⤵
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
      4⤵
      PID:4276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65068.exe
    3⤵
    PID:3560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
    3⤵
    PID:3192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
    3⤵
    PID:4488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53943.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65500.exe
      4⤵
      PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
      4⤵
      PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50567.exe
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
      4⤵
      PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
      4⤵
      PID:4480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
    3⤵
    PID:2180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65068.exe
    3⤵
    PID:3576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
    3⤵
    PID:4068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
    3⤵
    PID:4304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5125.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5125.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
    3⤵
    PID:2660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65068.exe
    3⤵
    PID:3552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
    3⤵
    PID:4336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7878.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7878.exe
  2⤵
  PID:1588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11994.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11994.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36565.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36565.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
  2⤵
  PID:4596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11654.exe

Filesize
468KB

MD5
7c776936310ad76411ac82944802e0b7

SHA1
986e40f99340516f0895d7e699f7e0636753e554

SHA256
fc1e5558302f5cb0bbc23439456a2c026d2205de475bebe95ed9386887237a84

SHA512
3897a5ccaeb22a1fd0bb244b301098a60dff7cf5155330d8aff93fe80815627792b369f55a3c9e4932818c820f5e6a3c73d062ebefdd849e432069714fc411f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe

Filesize
468KB

MD5
71aaabfe3915059148f71642da8ef205

SHA1
e167a192081d87549f02b47ecafeea4574d5a9d6

SHA256
2ceb9bbd8c141a41ffe6538fe10d8d553b7d169ebae330909ce7f75e23a0e9eb

SHA512
956a9d041329f768a8ee08966260f72b69db2d1fd806eac5f617f3a107c7200d498f7b214b20a7df6d60a35175563828b1b176ad898380e27bd9365593149e00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe

Filesize
468KB

MD5
4d5f956ab5202c2f935af94affd7f651

SHA1
6d8d821b61681005bb00e5a1bee535af0e3ce0aa

SHA256
5d64e1703b7bc3c6f3afbe63b20ac27819074aaaf9789130e42c77b01286fd35

SHA512
13480f8f45d87a063ca82bd22d761569fb748cdaf71a02fe8eab8e682b62893d5500c13a7b25519b67d465d782e9672c9ec39c38fe9d13d6ad28235d4a6b9a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe

Filesize
468KB

MD5
5811f05d6ee22d6d2799b775cbde2eb3

SHA1
da48c852b5e9d8200eeb7bfe5251d77790a2ebb8

SHA256
bcf93567c364e061dca072c73cc18b774274a4096251939e7cf3e9720ec47297

SHA512
8299df7a78169fd2426a9920621e0996e2d8e63534d09ec6038f3e51ccc00da6318b7fb773c2e367ba7e81f226bf73c28578da637a3c18d1d0e5c2d1e722bd40

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe

Filesize
468KB

MD5
c67ebd7931a393f4861a322168aa5d35

SHA1
471e9e09381651bea31de72f3ae50279bf7f9c2e

SHA256
412dbf8fc11cbc81cb310c1a1ef089e6a0da44fd81d41fb8f3e040f9a4c337fb

SHA512
5aebf14898c63380529993e70d97bf8e689987d3d37fef34a2d8c0fe810a745876611d636f2efdae4555fbec45e0e2332e49889aeedcacc898dc150ee531f3c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe

Filesize
468KB

MD5
a3e795d925ec4c4e885909f46a7829a9

SHA1
11ae9750d44467bd58a10081fe6c6bab63e3195d

SHA256
003bf86d06544a58597b4939089969eab8be3c5df7d26abf4099f045d16bcf39

SHA512
629b3429b8365b12aeea9a100dcad8775653d3b8d08b4bff65d8832fec955029e55bbd1aafa12df5e499863da4536656e88b0ee94de1a8f5667d043eae43436a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11389.exe

Filesize
468KB

MD5
ff3d831f452396e5d92be62ac6c8bf6c

SHA1
feca6604d02df8a3500a4e21776014081d0e25fe

SHA256
9a36623b6f92487703dd83cc58a1c685572f97b89dbdebfca525c514db5f7e7a

SHA512
8c397c6302fc1590a39fec4c9e677f8d46eaffaecdef658f1e475d9f51c25b2f38290d77d886837e04fd910b33351fa48224ae1bc0fd686a2aa04f55c0a1eb7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19038.exe

Filesize
468KB

MD5
4fcd0256dcb10871a0baacee72a28132

SHA1
feaae89cf4ae0e36073eaf7ac77ad7e1903152f3

SHA256
78db8a5fb2c166a5598223a530a210856fa15003952dcf0b1eb8f2e57c38901e

SHA512
bb6f1a8ec3f6ea35dfe2c1d4d7264485c29c97f7da5de377eb2389a718baa38da235c4cbc1f7b070dae16ab050003c62e583d357541b1af149469087ed967364

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe

Filesize
468KB

MD5
f01b4319ff18b243f88a1d32d0dd9824

SHA1
d5eddd68ca69d0e47019b551ea417ce675b18d51

SHA256
348b388c54b5068a6916e69481ba48296eceea83d99dde4c44f6a3ffece727cf

SHA512
419875aca0ba45f66b208c09199c70b18151fe4204a788a7b34dc5841fe220ecc38cacd5887bc92b6f2e512989d8fd506b17df3c4000e31fbd5c8add8cae34f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32018.exe

Filesize
468KB

MD5
66faa90c78e02cab70e7be4755dbd6a5

SHA1
c46f3ddddef760d99084048e936107961c9df11d

SHA256
8fdda162a2123c0ccd8a71dde26e32793cced6a93369a7fbda3b2a89834fa643

SHA512
0f941b8756636df7f2155585e3c32c3f770896b19c756c71c5eeddef00361548b2021b430e1e78b4e952f016efb4676ba8207dd0e3629db6f530ebaa93f5d8fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe

Filesize
468KB

MD5
b0cd709fb20ef111930d892769ced70c

SHA1
cc655f49747a6c26dbac0f182d86eeec9c525401

SHA256
186369093d3b78f40a0fa02ef7d4897c587b14f2e4c99c696031d7e08149dfbc

SHA512
a36642fe7ae74a3b4dba71a37696edb0992b745935d755d421cad51045cdbbb9777af3f5bc775c0b27ec62c1d56c8d0715fa6c2e25384fbc4f9625faa5c0da5e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe

Filesize
468KB

MD5
b22313907bd6cd70f66eea17413540b6

SHA1
cd4b8b43a32e2d5a30c73da6b34772e5390279bc

SHA256
1eb5cfa2cc9faed2ac2a92302041784127ca48c56d104fc4c6ffd66ce22c3afb

SHA512
2d029d5353a7fb533fad5149a0a37ae4a927b123a892f5293c026627c4fc9890d36796565fd1707c00af48d4b6e9c99150a15cd6e9d1c5ac4f7026dfdece12d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38140.exe

Filesize
468KB

MD5
fd46a45b5a76d66d41ec19eeca79fea8

SHA1
200520c53af920e16ade48b534f82a7c1cdd2309

SHA256
0712d34383067e54fcc09dea3640c52cac344b13f309e863cbdeb5cdff2ce073

SHA512
4dec6359f7326605c10fe886e02e80d5b6e622660780f181e9e24f5812af9f393b924dfa2e83bd1bc32c38b4ecf5802ddeff1e5edfb418e25f2b0aaf06cd31bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe

Filesize
468KB

MD5
a5a0b2b77aa6fdcdbe9cf11f54cd9bb1

SHA1
e33f62cad892e467c2a7abe243a16b0dacd52aee

SHA256
309158d13567cb21dabddba9d74d4c84534767cd43728c0eb2c35aa85b74be47

SHA512
29b2e46937f1cb7bf2b57fb78c7faa0ac812e1392886e9d36bba4975711e2f2f1698dd48960e4fc7445008a6f7eae287e50bd14c1566bb53c3b97f9898d12d13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44270.exe

Filesize
468KB

MD5
1e52e2c0b2d3a679d8db2b867df2c2d5

SHA1
fc6c5d3832aa7f83ae0acdd8fdccd4219c5d1ecb

SHA256
ba507712797f035b94f2d71e5ca5b2ea4f15728ed1fc08ed71e2a94206a72d8e

SHA512
2eb1117fd8492bc07cbb1332b86d5603098580eb09b0c73fa94262bc8d644a8f3455a30a79d418083ab61767326d2b861f365b6e0ac8c8e220442e3e14d09658

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe

Filesize
468KB

MD5
80a6bbd96ab0a7526c2db2ef156cc51e

SHA1
faa036fde9ad52f6830398da7dd6192803cbe10a

SHA256
204a69f8da4898c98d989a071e4a27399249c103b17f1f73056fd9bb14e0aa14

SHA512
7bf4c56aa85262c9fde453e487c3b9a268e22fc58ca4942f36126b8a855cee2744e62fb814e8526f887baae9f563e368699b665ad639afa47a8e66299a63f0f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe

Filesize
468KB

MD5
0583c64d78405bc69e30c95f0308ec63

SHA1
e46c995d8b8f8438080d0b15550b423353984cab

SHA256
c867532e4c56dff0bacb1207f6a608a003e1696cba8891dfdd190e2ca9bb8d81

SHA512
d0f45221430bd5aef662bf1719d534aa7bf311521809559192a73a5a871923f902dde3ee87c47208c905af64effa2937f24b0b9f019881f29d01ca1988f9fe2a

Download Submit