1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1

Analysis

max time kernel
118s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 14:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe
Size

468KB
MD5

e5e55591c7e41ceaa9d3e469360056e0
SHA1

a8d28afb5019c812f319b6ba76e73dc90c9c5706
SHA256

1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1
SHA512

ef79e6edadd5f1c90acac1da9b51d8fbe9a554f8ae94952f7ce0ef9dc215e1b1e9946c116fb3857b1713cf1e9e93162fcb010688fe798196e44dcf3182413a08
SSDEEP

3072:9Jv/o3ldI03YtbY2PzkjNfTSrChagIpjn1HCOVLD2TwLeSz2Vlle:9JnoMOYtBPAjNfR0g22T6Bz2V

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2272	Unicorn-43008.exe
2100	Unicorn-6910.exe
1092	Unicorn-64834.exe
2772	Unicorn-58462.exe
2788	Unicorn-13215.exe
2576	Unicorn-26950.exe
2040	Unicorn-33081.exe
3036	Unicorn-51612.exe
1784	Unicorn-39168.exe
3048	Unicorn-14663.exe
2356	Unicorn-42868.exe
1740	Unicorn-42603.exe
1380	Unicorn-23002.exe
2444	Unicorn-36738.exe
2904	Unicorn-111.exe
2848	Unicorn-43958.exe
1760	Unicorn-49557.exe
1804	Unicorn-44918.exe
2360	Unicorn-740.exe
2764	Unicorn-20606.exe
1012	Unicorn-40264.exe
2192	Unicorn-15946.exe
1316	Unicorn-3236.exe
2000	Unicorn-46572.exe
928	Unicorn-56786.exe
960	Unicorn-56786.exe
1604	Unicorn-33028.exe
2396	Unicorn-19707.exe
1964	Unicorn-37217.exe
676	Unicorn-4471.exe
2368	Unicorn-16666.exe
1996	Unicorn-45660.exe
2516	Unicorn-45660.exe
2404	Unicorn-6857.exe
2624	Unicorn-9863.exe
876	Unicorn-9863.exe
696	Unicorn-12993.exe
2948	Unicorn-10226.exe
2292	Unicorn-28045.exe
1028	Unicorn-34176.exe
1560	Unicorn-34176.exe
2684	Unicorn-63558.exe
2668	Unicorn-17887.exe
2688	Unicorn-5442.exe
3068	Unicorn-24709.exe
2708	Unicorn-34393.exe
2592	Unicorn-54451.exe
2660	Unicorn-58535.exe
3028	Unicorn-6137.exe
3044	Unicorn-52074.exe
2920	Unicorn-10486.exe
2004	Unicorn-63641.exe
1556	Unicorn-63641.exe
1288	Unicorn-17704.exe
2508	Unicorn-7829.exe
2276	Unicorn-28250.exe
2888	Unicorn-28250.exe
2852	Unicorn-28250.exe
2844	Unicorn-17459.exe
1736	Unicorn-3724.exe
1812	Unicorn-16168.exe
2344	Unicorn-24336.exe
2980	Unicorn-33494.exe
276	Unicorn-8823.exe

Loads dropped DLL 64 IoCs

pid	Process
1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe
1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe
2272	Unicorn-43008.exe
2272	Unicorn-43008.exe
1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe
1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe
1092	Unicorn-64834.exe
1092	Unicorn-64834.exe
2272	Unicorn-43008.exe
2272	Unicorn-43008.exe
1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe
1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe
2100	Unicorn-6910.exe
2100	Unicorn-6910.exe
2788	Unicorn-13215.exe
2576	Unicorn-26950.exe
2772	Unicorn-58462.exe
2788	Unicorn-13215.exe
2576	Unicorn-26950.exe
2772	Unicorn-58462.exe
2040	Unicorn-33081.exe
2040	Unicorn-33081.exe
1092	Unicorn-64834.exe
1092	Unicorn-64834.exe
1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe
1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe
2272	Unicorn-43008.exe
2272	Unicorn-43008.exe
2100	Unicorn-6910.exe
2100	Unicorn-6910.exe
3036	Unicorn-51612.exe
3036	Unicorn-51612.exe
2576	Unicorn-26950.exe
3048	Unicorn-14663.exe
2576	Unicorn-26950.exe
3048	Unicorn-14663.exe
2772	Unicorn-58462.exe
1740	Unicorn-42603.exe
2772	Unicorn-58462.exe
1740	Unicorn-42603.exe
1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe
1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe
1380	Unicorn-23002.exe
1380	Unicorn-23002.exe
2272	Unicorn-43008.exe
2272	Unicorn-43008.exe
1092	Unicorn-64834.exe
1092	Unicorn-64834.exe
1784	Unicorn-39168.exe
2356	Unicorn-42868.exe
1784	Unicorn-39168.exe
2356	Unicorn-42868.exe
2040	Unicorn-33081.exe
2788	Unicorn-13215.exe
2040	Unicorn-33081.exe
2788	Unicorn-13215.exe
2904	Unicorn-111.exe
2904	Unicorn-111.exe
2100	Unicorn-6910.exe
2100	Unicorn-6910.exe
2444	Unicorn-36738.exe
2444	Unicorn-36738.exe
2396	Unicorn-19707.exe
1760	Unicorn-49557.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12990.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61188.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35757.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe
2272	Unicorn-43008.exe
2100	Unicorn-6910.exe
1092	Unicorn-64834.exe
2772	Unicorn-58462.exe
2576	Unicorn-26950.exe
2788	Unicorn-13215.exe
2040	Unicorn-33081.exe
3036	Unicorn-51612.exe
3048	Unicorn-14663.exe
1784	Unicorn-39168.exe
1740	Unicorn-42603.exe
2356	Unicorn-42868.exe
1380	Unicorn-23002.exe
2444	Unicorn-36738.exe
2904	Unicorn-111.exe
1760	Unicorn-49557.exe
2764	Unicorn-20606.exe
2360	Unicorn-740.exe
1012	Unicorn-40264.exe
1804	Unicorn-44918.exe
2848	Unicorn-43958.exe
2192	Unicorn-15946.exe
1316	Unicorn-3236.exe
2000	Unicorn-46572.exe
960	Unicorn-56786.exe
928	Unicorn-56786.exe
2396	Unicorn-19707.exe
1604	Unicorn-33028.exe
1964	Unicorn-37217.exe
676	Unicorn-4471.exe
2368	Unicorn-16666.exe
2516	Unicorn-45660.exe
2624	Unicorn-9863.exe
1996	Unicorn-45660.exe
2404	Unicorn-6857.exe
2684	Unicorn-63558.exe
876	Unicorn-9863.exe
2688	Unicorn-5442.exe
696	Unicorn-12993.exe
1028	Unicorn-34176.exe
2668	Unicorn-17887.exe
1560	Unicorn-34176.exe
2948	Unicorn-10226.exe
2292	Unicorn-28045.exe
3068	Unicorn-24709.exe
2708	Unicorn-34393.exe
2660	Unicorn-58535.exe
2592	Unicorn-54451.exe
3044	Unicorn-52074.exe
2920	Unicorn-10486.exe
3028	Unicorn-6137.exe
1556	Unicorn-63641.exe
2004	Unicorn-63641.exe
1288	Unicorn-17704.exe
2276	Unicorn-28250.exe
2888	Unicorn-28250.exe
2852	Unicorn-28250.exe
2508	Unicorn-7829.exe
2844	Unicorn-17459.exe
1736	Unicorn-3724.exe
1812	Unicorn-16168.exe
2344	Unicorn-24336.exe
2980	Unicorn-33494.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 2272	1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe	29
PID 1568 wrote to memory of 2272	1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe	29
PID 1568 wrote to memory of 2272	1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe	29
PID 1568 wrote to memory of 2272	1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe	29
PID 2272 wrote to memory of 2100	2272	Unicorn-43008.exe	30
PID 2272 wrote to memory of 2100	2272	Unicorn-43008.exe	30
PID 2272 wrote to memory of 2100	2272	Unicorn-43008.exe	30
PID 2272 wrote to memory of 2100	2272	Unicorn-43008.exe	30
PID 1568 wrote to memory of 1092	1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe	31
PID 1568 wrote to memory of 1092	1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe	31
PID 1568 wrote to memory of 1092	1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe	31
PID 1568 wrote to memory of 1092	1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe	31
PID 1092 wrote to memory of 2772	1092	Unicorn-64834.exe	32
PID 1092 wrote to memory of 2772	1092	Unicorn-64834.exe	32
PID 1092 wrote to memory of 2772	1092	Unicorn-64834.exe	32
PID 1092 wrote to memory of 2772	1092	Unicorn-64834.exe	32
PID 2272 wrote to memory of 2788	2272	Unicorn-43008.exe	33
PID 2272 wrote to memory of 2788	2272	Unicorn-43008.exe	33
PID 2272 wrote to memory of 2788	2272	Unicorn-43008.exe	33
PID 2272 wrote to memory of 2788	2272	Unicorn-43008.exe	33
PID 1568 wrote to memory of 2576	1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe	34
PID 1568 wrote to memory of 2576	1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe	34
PID 1568 wrote to memory of 2576	1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe	34
PID 1568 wrote to memory of 2576	1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe	34
PID 2100 wrote to memory of 2040	2100	Unicorn-6910.exe	35
PID 2100 wrote to memory of 2040	2100	Unicorn-6910.exe	35
PID 2100 wrote to memory of 2040	2100	Unicorn-6910.exe	35
PID 2100 wrote to memory of 2040	2100	Unicorn-6910.exe	35
PID 2788 wrote to memory of 1784	2788	Unicorn-13215.exe	36
PID 2788 wrote to memory of 1784	2788	Unicorn-13215.exe	36
PID 2788 wrote to memory of 1784	2788	Unicorn-13215.exe	36
PID 2788 wrote to memory of 1784	2788	Unicorn-13215.exe	36
PID 2576 wrote to memory of 3036	2576	Unicorn-26950.exe	37
PID 2576 wrote to memory of 3036	2576	Unicorn-26950.exe	37
PID 2576 wrote to memory of 3036	2576	Unicorn-26950.exe	37
PID 2576 wrote to memory of 3036	2576	Unicorn-26950.exe	37
PID 2772 wrote to memory of 3048	2772	Unicorn-58462.exe	38
PID 2772 wrote to memory of 3048	2772	Unicorn-58462.exe	38
PID 2772 wrote to memory of 3048	2772	Unicorn-58462.exe	38
PID 2772 wrote to memory of 3048	2772	Unicorn-58462.exe	38
PID 2040 wrote to memory of 2356	2040	Unicorn-33081.exe	39
PID 2040 wrote to memory of 2356	2040	Unicorn-33081.exe	39
PID 2040 wrote to memory of 2356	2040	Unicorn-33081.exe	39
PID 2040 wrote to memory of 2356	2040	Unicorn-33081.exe	39
PID 1092 wrote to memory of 1380	1092	Unicorn-64834.exe	40
PID 1092 wrote to memory of 1380	1092	Unicorn-64834.exe	40
PID 1092 wrote to memory of 1380	1092	Unicorn-64834.exe	40
PID 1092 wrote to memory of 1380	1092	Unicorn-64834.exe	40
PID 1568 wrote to memory of 1740	1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe	41
PID 1568 wrote to memory of 1740	1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe	41
PID 1568 wrote to memory of 1740	1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe	41
PID 1568 wrote to memory of 1740	1568	1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe	41
PID 2272 wrote to memory of 2444	2272	Unicorn-43008.exe	42
PID 2272 wrote to memory of 2444	2272	Unicorn-43008.exe	42
PID 2272 wrote to memory of 2444	2272	Unicorn-43008.exe	42
PID 2272 wrote to memory of 2444	2272	Unicorn-43008.exe	42
PID 2100 wrote to memory of 2904	2100	Unicorn-6910.exe	43
PID 2100 wrote to memory of 2904	2100	Unicorn-6910.exe	43
PID 2100 wrote to memory of 2904	2100	Unicorn-6910.exe	43
PID 2100 wrote to memory of 2904	2100	Unicorn-6910.exe	43
PID 3036 wrote to memory of 2848	3036	Unicorn-51612.exe	44
PID 3036 wrote to memory of 2848	3036	Unicorn-51612.exe	44
PID 3036 wrote to memory of 2848	3036	Unicorn-51612.exe	44
PID 3036 wrote to memory of 2848	3036	Unicorn-51612.exe	44

C:\Users\Admin\AppData\Local\Temp\1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe
"C:\Users\Admin\AppData\Local\Temp\1d1f8ff86fb8f37cae4c346a8ff1a5d7c584c98ea9fc2236be73dabcd8ebfaa1N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43008.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43008.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42868.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3082.exe
        8⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe
        8⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37110.exe
        7⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        7⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52074.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57614.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        7⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
        6⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44542.exe
        6⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        6⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
        6⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33028.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24401.exe
        7⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
        6⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22479.exe
        6⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        6⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17459.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24813.exe
        6⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
        6⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11004.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7754.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
        5⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60271.exe
        5⤵
        
        PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-111.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37217.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10486.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        7⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53338.exe
        7⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
        7⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe
        7⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22289.exe
        6⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51335.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        6⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12990.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
        6⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
        6⤵
        
        PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31940.exe
        5⤵
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
        5⤵
        
        PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18724.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60271.exe
        5⤵
        
        PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45964.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10795.exe
        5⤵
        
        PID:112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34930.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
        5⤵
        
        PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
      4⤵
      PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3289.exe
      4⤵
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41459.exe
      4⤵
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
      4⤵
      PID:5032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34176.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1122.exe
        7⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2627.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54837.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46276.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
        7⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
        6⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43790.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        6⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
        6⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        6⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61188.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3509.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54936.exe
        5⤵
        
        PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19707.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
        6⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
        6⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39679.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
        6⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15735.exe
        6⤵
        
        PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        5⤵
        
        PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1728.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12181.exe
        5⤵
        
        PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        5⤵
        
        PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17084.exe
      4⤵
      PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38774.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13245.exe
      4⤵
      PID:4552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7829.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
        6⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        6⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43932.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19347.exe
        5⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10618.exe
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33494.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
        5⤵
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
      4⤵
      PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30225.exe
      4⤵
      PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
      4⤵
      PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60271.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3236.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34176.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        5⤵
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4329.exe
        5⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        5⤵
        
        PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
      4⤵
      PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
      4⤵
      PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
      4⤵
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
      4⤵
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16224.exe
      4⤵
      PID:3472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
      4⤵
      PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
      4⤵
      PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
      4⤵
      PID:5072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe
    3⤵
    PID:900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
    3⤵
    PID:548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
    3⤵
    PID:3936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
    3⤵
    PID:3748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58462.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14663.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44918.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53530.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe
        8⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        8⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
        7⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        7⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53364.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10795.exe
        7⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        7⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        6⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
        6⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        6⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        6⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60271.exe
        6⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-245.exe
        6⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
        6⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18395.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        6⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
        5⤵
        
        PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        5⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe
        5⤵
        
        PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-740.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
        6⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12497.exe
        6⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        6⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51345.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38677.exe
        5⤵
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15799.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        5⤵
        
        PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20646.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14451.exe
        5⤵
        
        PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17852.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
      4⤵
      PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
      4⤵
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15946.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
        6⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20638.exe
        5⤵
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
        5⤵
        
        PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12181.exe
        5⤵
        
        PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12990.exe
        5⤵
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
        5⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        5⤵
        
        PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
      4⤵
      PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36374.exe
      4⤵
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
      4⤵
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
      4⤵
      PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23992.exe
      4⤵
      PID:4104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46572.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        5⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10795.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        5⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
        5⤵
        
        PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
      4⤵
      PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
      4⤵
      PID:980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49026.exe
      4⤵
      PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
      4⤵
      PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59137.exe
      4⤵
      PID:4176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22493.exe
      4⤵
      PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29425.exe
      4⤵
      PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
      4⤵
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
    3⤵
    PID:1296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17774.exe
    3⤵
    PID:3604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
    3⤵
    PID:772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
    3⤵
    PID:1208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26950.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26950.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55554.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6903.exe
        5⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        5⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34930.exe
        5⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24336.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21927.exe
        5⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4437.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
        5⤵
        
        PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41152.exe
      4⤵
      PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7593.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
      4⤵
      PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
      4⤵
      PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe
      4⤵
      PID:4764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        5⤵
        
        PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10795.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        5⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        5⤵
        
        PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
      4⤵
      PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
      4⤵
      PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
      4⤵
      PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48756.exe
      4⤵
      PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17704.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
      4⤵
      PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2627.exe
      4⤵
      PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
      4⤵
      PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
      4⤵
      PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28228.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1240.exe
        5⤵
        
        PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15213.exe
      4⤵
      PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
      4⤵
      PID:4484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24864.exe
    3⤵
    PID:2756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
    3⤵
    PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
    3⤵
    PID:3212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
    3⤵
    PID:3756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
    3⤵
    PID:4496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8823.exe
        5⤵
        Executes dropped EXE
        
        PID:276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        5⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        5⤵
        
        PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45751.exe
      4⤵
      PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
      4⤵
      PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49026.exe
      4⤵
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
      4⤵
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10226.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
      4⤵
      PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
      4⤵
      PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5252.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
      4⤵
      PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
      4⤵
      PID:4996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60145.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
    3⤵
    PID:1252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
    3⤵
    PID:3204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5442.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
      4⤵
      PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
      4⤵
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
      4⤵
      PID:4088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13545.exe
    3⤵
    PID:2324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
    3⤵
    PID:4048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
    3⤵
    PID:3408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
    3⤵
    PID:4524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24709.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24709.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
    3⤵
    PID:3772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe
    3⤵
    PID:3224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe
    3⤵
    PID:4456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51840.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51840.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13309.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13309.exe
  2⤵
  PID:3612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
  2⤵
  PID:4204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
  2⤵
  PID:4896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe

Filesize
468KB

MD5
3402b860227e232c934dc36e49a42cb6

SHA1
92b5626f0ca559c8be5a414ec5a6eafb9a010045

SHA256
5cf2c33dbecc2ebf1ea8eb0baefaa2905ccb37beed8e244b9d7bea9a78a9d41f

SHA512
cd09a3d997ffc323a6d533dd9e7059544ce3b71b9af05ab62a731659e076c104d660b956e2986d3a01513f3ec25c2b45ff3e563d64f7b99596b94ba332884c2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26950.exe

Filesize
468KB

MD5
691d8a971c663905290c5bcb8e116513

SHA1
fb1ce43bc65364280a963210efce7553bc2b3320

SHA256
e2fa1a10fb0c0e48aabaaf2764fa762dcffa7de00d93342829dd2b959dbf2212

SHA512
168f31103ce9b775ba754c401abc9950c75b1119940ee5f2cd86b4720146786d7b57afcdfdbc458827279764ea91227419432b3a7667918618b3f70e6b53605f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe

Filesize
468KB

MD5
fe21d9d8f0328d686e2fee45b08dac2f

SHA1
94cb128bc617e85f443dbfd3fb0c6c3cf3961b0a

SHA256
3b2d049b1d5836f80b72bdfa1e1fdfadc18b2a0de070e5e58f148b7793f45ea6

SHA512
18093ceeb3c5b25fcb7c084e358f71d5100a041fe75710ff642742ffa914ac9565b9cae40a781ff05d20a5fdc246e9223a71e49bd6b1414cd5c6fe5b98cc8def

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe

Filesize
468KB

MD5
e30e65036467241d6ebb9d46c1513cea

SHA1
dc55c19322f6097c57b6db261921b0f73934227e

SHA256
c1dd056488469c7d19f380a4c9a41a4f27e3c2d86ea8fe590a8877d75e1843c6

SHA512
98b91705914c9e01c5f9edd9e561106c4363548fb1aa9e6a93940b526be274e09018cdc802335a57a3e0d88ee748af92ff37d12d1f2515e073d6fcd914e4b51d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe

Filesize
468KB

MD5
e2ad3a1e0c9041eb40eb5bb7dae8b02a

SHA1
4fe738f6f94bd8199340d7d0d113281702c63a39

SHA256
866f8c07f1a60af9e934cbe365fe9fec94ace4b58036e76bc1803f55e8fa58dd

SHA512
a10bb4be73a5d4e519c036ca098cfc7a1cfe2e91f5a26c5a104bf4fe033ebc2cc30e91235a6631aa2f34f95ba51d50127823771c0fd1ec74e45670d179c7ffd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe

Filesize
468KB

MD5
c191ecf9b39a476b9bded725cc6d37b1

SHA1
d9850a5c560da3308457b8eb128d22e78574dfb2

SHA256
c96a154f9ecd0ff8285916632153c93400816f82f5860e5c90ab6d8f2b9212ef

SHA512
8b5cd42c582268941f3960e17a07ef1b0245e1141590b1b47fb8ab8c9a749173dd17adf99194da3e541caccb2277418d6148cc67584cb48797440a47a817ff43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42868.exe

Filesize
468KB

MD5
c994063f639cb9683e98ab3ff8cb1fc5

SHA1
d8ff028cb5c48cfbc334e0de4f43d67bfefc7932

SHA256
479d254aff7f2df3faf47d534416e57a1da1d5e1b4ac52ded1e80db4384690fe

SHA512
2e43c4e29ce0989e3a81b7847398927dc88c4c0e4f6fd7a232d13e51dcdef47888e38f385cd17be1f7a3173d93a52450f2d0a8feccee05bdda770e2d2ee525cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5442.exe

Filesize
468KB

MD5
df893a0eb1fc53e4db73bfb47aff4b34

SHA1
0d015b57ccb6a9c595212918865d80c27e4674ff

SHA256
dd307ddc71ae61abb394f7adb39b32878d555ca86f0e99a48214ca430748483a

SHA512
5c8c26e3a51c19998aa95c35b775590945b62322339a96a931a3993877a5b57a6fce249ff66d87c75702da1fcbd9b772bf285ecc0b989d6182688c41cffbad7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-111.exe

Filesize
468KB

MD5
4afee2926b67d8bee6f0ac83d2faba3e

SHA1
1c21c601533e108cb7a718d4cdd8cdd5052df7d5

SHA256
cd308152243422e9a11ea4eed1c37bc939e5b2f08b2561c0f41a82512d41d43f

SHA512
db8e1629e2a372ab7458342040e22208a0c46cd182b48087daa556f526f21ce51b0a95e162eb61f69012e879794b2df812a90be7fc10915aa7a02356d43d2b51

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe

Filesize
468KB

MD5
95c76f9f8d1f21621b4f976bf2420340

SHA1
d948ac28fcd9a19be759be8a44eb0a3dbc2450f2

SHA256
5949b475d1a54aee2a0883c78fb902287971c60523413d56d6e174db0bced796

SHA512
2183b50b088a18fa1bead1d97e56c4559ac942e2335a392aa53252aabffcc5a21357557f8ac2c430f6569ac7a2bec0b8e44c87e4eb27a66586e1b848f4fb3e14

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14663.exe

Filesize
468KB

MD5
6188dbd8fb5e8d137310d35e11370d5b

SHA1
329d074646ac52a7b96e1860e468cbbbf1b6e2b5

SHA256
56c8d486b5296dd2905b6ca2c9a3878a8f6d6b07530104ecd85a81dc86cb62eb

SHA512
3803202bcc5f5f3729d5d162b1b480933bc2cc5e36b728645f5baa7e9e25ee2fcdc9d5a0e2b763e2e942408617915a39c9320041f9eb94e6cf4a1aebf8b277b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe

Filesize
468KB

MD5
265affc976bc5d677e6b5cbcb37d8aac

SHA1
f7cdc36c005f6647759c0cb873dac332249d5832

SHA256
f59c5c48796061bc016097754b373e012c8b88a4f8f6e6989e36d0f8ec15800f

SHA512
c3a786545c0b10613ab8d43136d8a04f48afeb03d2139ee4ec444bc73e596641134abe1cae4e43ee0850b94db537967e4267d1cf1b35c5644df2ce8d4d713e57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe

Filesize
468KB

MD5
aeb7c7bf38892838d865bb4ae4da9641

SHA1
2fe6c086ec2a13285934bfc737e78d9c29ae8232

SHA256
e6eba031e6af7d2860b33b4adc10b2661848d7e7ccaf4c992f55d7dd7221042a

SHA512
752888a9ba4fc7dafe8c5838369e1b54841ff613ed48d594d8ad25a38abe373679d2c486f697c5efd44d5570be63d9415e2342a5b57a3370e4375ad3e87c5434

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43008.exe

Filesize
468KB

MD5
fe3b40f6b3984f0fb5c277fd466db20f

SHA1
c2c141e0b5df8aa564fa76db73ba5c8c7717dd67

SHA256
9a6506b409122cefd9446aa647ed2720b6d7d5b9b0bbdef869133a3cd81a9e9e

SHA512
5186d2ba40c8978a50470266fd92c54113a3ea08b5c1b5a365847170dc3acdceca26ea13fb43a11029005e441634a1f73baf0aa096fd77ffeb69e3faa91f53b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe

Filesize
468KB

MD5
c6da3f01a13110b66916f939a2b8d27e

SHA1
899fc94309a39c0d2cc519eeb36b24636bb920c7

SHA256
cab2456825c364355ce0081ab055e0494ab0536ac88821576f9826f1a686de83

SHA512
af3e6a617f0e776a9dc8c2962fce639bb11cde7c8f20c48472669409ada0bd6e62efe7dcaa8a5f4f11d0894da9428c513a97ef7120923eebd1071db77e14d9f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44918.exe

Filesize
468KB

MD5
3181b4ba40d564a19e28e09a61a9f61d

SHA1
6be43de3af20109aa4c5b388eb3260acb3ed4f23

SHA256
6859965d3ca3de6d587dd4a88cb9acdb59327785890842f377b6ec2449c5d883

SHA512
b3cd8344ada31b5e01391bda2a987836df4bb51d4c3596ecd2b4e0528cb4147f51360f4fa921402ad72f1b09189fed37c20b6f0602f79c856dcac3804a69554e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe

Filesize
468KB

MD5
d901af669dc0e84c9fb2920ab5cf3d8b

SHA1
0efdb6fb17d6be22e8baf3712f979da9fc0ea3fe

SHA256
f96a6267f4479f047cacf05acebc9eabec550a0ec43e6c3c0d30aa72807f687a

SHA512
e38885f274c8017b594aae824be4739198d5c73b75ce2fda7b8e55ce6f78358b21833541250f8f461af1b7186f0bded85be54ec4eb9aa1d6b19ce998e9208d37

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe

Filesize
468KB

MD5
f413d0372a45c63782c435953750dfc1

SHA1
60ddb48d19ba5b6ee21824bb13b7f5224f375db2

SHA256
addb4316156d9780aa447effe4624cb1b07a40463d735b22a57fa1eddbfb494e

SHA512
fe97ce3bc4b3799a1940b62296986234109659e6746a6f27cb87c9a710f9d2b14ba27f3894cd9532e90fa0f29f11351de8bca6316d8b92acd4c345f0c2c12d8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58462.exe

Filesize
468KB

MD5
374d2dc8ad33230b202a7f7fadcad190

SHA1
656a1d61be6d50d9ff2aa6360530808e785ab13a

SHA256
e191f098a49f8383c4309cc86493e01fd42d0a1d203f5a59757c8dc708f32b15

SHA512
075d836903c4a853955d9cf64d42009f827a625ed86424fb9b98c75140b2795237488d61da59c47004adddfc4012638ca598fe0838823ba85fb0f83aeae2f36a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe

Filesize
468KB

MD5
1648782b591b25152037f1e751fb5963

SHA1
48425bf70136b5c54a555b883b484255f59e5a00

SHA256
ff1d9323b81d72e912766dbe8be4170cc66005a5f6beb16334e947889bd7676d

SHA512
7c9c125fb7e4c691453aea3a27631a8bdaef82e5eda2a4b0af998b94093d689fdd1bd16d0cd0d76bd2179423a85b4a7a5fa291f0bd10ad8aeb287dec7e16fceb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe

Filesize
468KB

MD5
2d15f829aeb7f6f9906a8c151a6a22d4

SHA1
46116311646cf7b58e369bf62211f785f7ec34d6

SHA256
eb110d364cd0425220b8d6f317fb649ce745106bcf0647e702a16dfba43fae70

SHA512
3f2daad9b40e8a0a194e9a108956e53d30aca806ce9d110196d6f695b3bea83f58fb44056aaf4e4ef548d25456d537709fcee88291e463456d2be6f4cf09d4da

Download Submit