217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99b

Analysis

max time kernel
120s
max time network
15s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 20:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe
Size

468KB
MD5

7bb6a8eeb978184503dfc7b488b69970
SHA1

4693f0e7d071ce4714e7875806b6eb377bcf286b
SHA256

217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99b
SHA512

a9551cfba6837fd3bb0ec3c0dcc6fad0782ad9a7b39f4d29d2af26187288fe29129de222dd37fa3df2c38554994e05b27fdc46856d0bd9a8d6ab214cd0e56e6b
SSDEEP

3072:3HoHoEXvt05RLbYcH5uwvf8/uCy8P0pknLHewVx3i0re5b6jJIly:3HMoQ8RLPHQwvf2Ylii0yR6jJ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2480	Unicorn-5227.exe
2844	Unicorn-37947.exe
2932	Unicorn-9913.exe
2972	Unicorn-11641.exe
2988	Unicorn-10318.exe
2632	Unicorn-21292.exe
1456	Unicorn-30198.exe
2556	Unicorn-2709.exe
2872	Unicorn-19146.exe
2400	Unicorn-4755.exe
2040	Unicorn-46343.exe
552	Unicorn-8839.exe
2880	Unicorn-21402.exe
2464	Unicorn-25542.exe
2172	Unicorn-9114.exe
2240	Unicorn-7360.exe
2216	Unicorn-9306.exe
2160	Unicorn-3176.exe
2208	Unicorn-22934.exe
2220	Unicorn-40033.exe
528	Unicorn-3852.exe
1492	Unicorn-10629.exe
1044	Unicorn-49524.exe
2016	Unicorn-54999.exe
2320	Unicorn-35133.exe
1148	Unicorn-25954.exe
1008	Unicorn-44885.exe
960	Unicorn-10074.exe
2196	Unicorn-59830.exe
2120	Unicorn-52487.exe
1568	Unicorn-9389.exe
2716	Unicorn-18880.exe
1600	Unicorn-6436.exe
2312	Unicorn-49400.exe
2836	Unicorn-55522.exe
2780	Unicorn-26842.exe
3028	Unicorn-30163.exe
2664	Unicorn-2145.exe
2648	Unicorn-45124.exe
2644	Unicorn-38994.exe
2800	Unicorn-41040.exe
2128	Unicorn-47625.exe
2532	Unicorn-63141.exe
1700	Unicorn-27226.exe
3008	Unicorn-25088.exe
2616	Unicorn-5222.exe
2416	Unicorn-15336.exe
2876	Unicorn-53676.exe
2860	Unicorn-53676.exe
2984	Unicorn-46692.exe
2348	Unicorn-55622.exe
2424	Unicorn-50168.exe
2276	Unicorn-54807.exe
2528	Unicorn-5606.exe
2388	Unicorn-10120.exe
2212	Unicorn-47838.exe
2168	Unicorn-61413.exe
2328	Unicorn-15742.exe
756	Unicorn-7473.exe
652	Unicorn-53567.exe
2596	Unicorn-23316.exe
2000	Unicorn-6888.exe
1164	Unicorn-31393.exe
1000	Unicorn-566.exe

Loads dropped DLL 64 IoCs

pid	Process
1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe
1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe
2480	Unicorn-5227.exe
1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe
2480	Unicorn-5227.exe
1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe
2480	Unicorn-5227.exe
2480	Unicorn-5227.exe
2844	Unicorn-37947.exe
2844	Unicorn-37947.exe
1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe
1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe
2932	Unicorn-9913.exe
2932	Unicorn-9913.exe
2972	Unicorn-11641.exe
2972	Unicorn-11641.exe
2480	Unicorn-5227.exe
2632	Unicorn-21292.exe
2480	Unicorn-5227.exe
2632	Unicorn-21292.exe
2988	Unicorn-10318.exe
2844	Unicorn-37947.exe
2844	Unicorn-37947.exe
2988	Unicorn-10318.exe
1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe
1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe
1456	Unicorn-30198.exe
2932	Unicorn-9913.exe
2932	Unicorn-9913.exe
1456	Unicorn-30198.exe
2040	Unicorn-46343.exe
2040	Unicorn-46343.exe
2880	Unicorn-21402.exe
2880	Unicorn-21402.exe
2844	Unicorn-37947.exe
2844	Unicorn-37947.exe
552	Unicorn-8839.exe
1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe
552	Unicorn-8839.exe
1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe
2400	Unicorn-4755.exe
2988	Unicorn-10318.exe
2972	Unicorn-11641.exe
2400	Unicorn-4755.exe
2556	Unicorn-2709.exe
2988	Unicorn-10318.exe
2972	Unicorn-11641.exe
2632	Unicorn-21292.exe
2556	Unicorn-2709.exe
2632	Unicorn-21292.exe
2480	Unicorn-5227.exe
2480	Unicorn-5227.exe
2172	Unicorn-9114.exe
2172	Unicorn-9114.exe
2464	Unicorn-25542.exe
2464	Unicorn-25542.exe
1456	Unicorn-30198.exe
1456	Unicorn-30198.exe
2932	Unicorn-9913.exe
2932	Unicorn-9913.exe
2240	Unicorn-7360.exe
2240	Unicorn-7360.exe
2872	Unicorn-19146.exe
2872	Unicorn-19146.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28352.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8075.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe
2480	Unicorn-5227.exe
2844	Unicorn-37947.exe
2932	Unicorn-9913.exe
2988	Unicorn-10318.exe
2972	Unicorn-11641.exe
2632	Unicorn-21292.exe
1456	Unicorn-30198.exe
2872	Unicorn-19146.exe
2400	Unicorn-4755.exe
2040	Unicorn-46343.exe
552	Unicorn-8839.exe
2880	Unicorn-21402.exe
2556	Unicorn-2709.exe
2464	Unicorn-25542.exe
2172	Unicorn-9114.exe
2240	Unicorn-7360.exe
2220	Unicorn-40033.exe
2016	Unicorn-54999.exe
2320	Unicorn-35133.exe
1492	Unicorn-10629.exe
2160	Unicorn-3176.exe
2216	Unicorn-9306.exe
2208	Unicorn-22934.exe
1148	Unicorn-25954.exe
1044	Unicorn-49524.exe
528	Unicorn-3852.exe
960	Unicorn-10074.exe
1008	Unicorn-44885.exe
2196	Unicorn-59830.exe
2120	Unicorn-52487.exe
1568	Unicorn-9389.exe
2716	Unicorn-18880.exe
1600	Unicorn-6436.exe
2836	Unicorn-55522.exe
2312	Unicorn-49400.exe
2780	Unicorn-26842.exe
2664	Unicorn-2145.exe
3028	Unicorn-30163.exe
2648	Unicorn-45124.exe
2644	Unicorn-38994.exe
2800	Unicorn-41040.exe
2128	Unicorn-47625.exe
2532	Unicorn-63141.exe
1700	Unicorn-27226.exe
3008	Unicorn-25088.exe
2616	Unicorn-5222.exe
2860	Unicorn-53676.exe
2348	Unicorn-55622.exe
2424	Unicorn-50168.exe
2876	Unicorn-53676.exe
2416	Unicorn-15336.exe
2984	Unicorn-46692.exe
2276	Unicorn-54807.exe
2388	Unicorn-10120.exe
2528	Unicorn-5606.exe
2328	Unicorn-15742.exe
2168	Unicorn-61413.exe
2212	Unicorn-47838.exe
756	Unicorn-7473.exe
652	Unicorn-53567.exe
2596	Unicorn-23316.exe
2000	Unicorn-6888.exe
2096	Unicorn-566.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 2480	1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe	29
PID 1120 wrote to memory of 2480	1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe	29
PID 1120 wrote to memory of 2480	1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe	29
PID 1120 wrote to memory of 2480	1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe	29
PID 2480 wrote to memory of 2844	2480	Unicorn-5227.exe	30
PID 2480 wrote to memory of 2844	2480	Unicorn-5227.exe	30
PID 2480 wrote to memory of 2844	2480	Unicorn-5227.exe	30
PID 2480 wrote to memory of 2844	2480	Unicorn-5227.exe	30
PID 1120 wrote to memory of 2932	1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe	31
PID 1120 wrote to memory of 2932	1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe	31
PID 1120 wrote to memory of 2932	1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe	31
PID 1120 wrote to memory of 2932	1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe	31
PID 2480 wrote to memory of 2972	2480	Unicorn-5227.exe	32
PID 2480 wrote to memory of 2972	2480	Unicorn-5227.exe	32
PID 2480 wrote to memory of 2972	2480	Unicorn-5227.exe	32
PID 2480 wrote to memory of 2972	2480	Unicorn-5227.exe	32
PID 2844 wrote to memory of 2988	2844	Unicorn-37947.exe	33
PID 2844 wrote to memory of 2988	2844	Unicorn-37947.exe	33
PID 2844 wrote to memory of 2988	2844	Unicorn-37947.exe	33
PID 2844 wrote to memory of 2988	2844	Unicorn-37947.exe	33
PID 1120 wrote to memory of 2632	1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe	34
PID 1120 wrote to memory of 2632	1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe	34
PID 1120 wrote to memory of 2632	1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe	34
PID 1120 wrote to memory of 2632	1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe	34
PID 2932 wrote to memory of 1456	2932	Unicorn-9913.exe	35
PID 2932 wrote to memory of 1456	2932	Unicorn-9913.exe	35
PID 2932 wrote to memory of 1456	2932	Unicorn-9913.exe	35
PID 2932 wrote to memory of 1456	2932	Unicorn-9913.exe	35
PID 2972 wrote to memory of 2872	2972	Unicorn-11641.exe	36
PID 2972 wrote to memory of 2872	2972	Unicorn-11641.exe	36
PID 2972 wrote to memory of 2872	2972	Unicorn-11641.exe	36
PID 2972 wrote to memory of 2872	2972	Unicorn-11641.exe	36
PID 2480 wrote to memory of 2556	2480	Unicorn-5227.exe	37
PID 2480 wrote to memory of 2556	2480	Unicorn-5227.exe	37
PID 2480 wrote to memory of 2556	2480	Unicorn-5227.exe	37
PID 2480 wrote to memory of 2556	2480	Unicorn-5227.exe	37
PID 2632 wrote to memory of 2400	2632	Unicorn-21292.exe	38
PID 2632 wrote to memory of 2400	2632	Unicorn-21292.exe	38
PID 2632 wrote to memory of 2400	2632	Unicorn-21292.exe	38
PID 2632 wrote to memory of 2400	2632	Unicorn-21292.exe	38
PID 2844 wrote to memory of 2040	2844	Unicorn-37947.exe	40
PID 2844 wrote to memory of 2040	2844	Unicorn-37947.exe	40
PID 2844 wrote to memory of 2040	2844	Unicorn-37947.exe	40
PID 2844 wrote to memory of 2040	2844	Unicorn-37947.exe	40
PID 2988 wrote to memory of 552	2988	Unicorn-10318.exe	39
PID 2988 wrote to memory of 552	2988	Unicorn-10318.exe	39
PID 2988 wrote to memory of 552	2988	Unicorn-10318.exe	39
PID 2988 wrote to memory of 552	2988	Unicorn-10318.exe	39
PID 1120 wrote to memory of 2880	1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe	41
PID 1120 wrote to memory of 2880	1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe	41
PID 1120 wrote to memory of 2880	1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe	41
PID 1120 wrote to memory of 2880	1120	217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe	41
PID 2932 wrote to memory of 2464	2932	Unicorn-9913.exe	43
PID 2932 wrote to memory of 2464	2932	Unicorn-9913.exe	43
PID 2932 wrote to memory of 2464	2932	Unicorn-9913.exe	43
PID 2932 wrote to memory of 2464	2932	Unicorn-9913.exe	43
PID 1456 wrote to memory of 2172	1456	Unicorn-30198.exe	42
PID 1456 wrote to memory of 2172	1456	Unicorn-30198.exe	42
PID 1456 wrote to memory of 2172	1456	Unicorn-30198.exe	42
PID 1456 wrote to memory of 2172	1456	Unicorn-30198.exe	42
PID 2040 wrote to memory of 2240	2040	Unicorn-46343.exe	44
PID 2040 wrote to memory of 2240	2040	Unicorn-46343.exe	44
PID 2040 wrote to memory of 2240	2040	Unicorn-46343.exe	44
PID 2040 wrote to memory of 2240	2040	Unicorn-46343.exe	44

C:\Users\Admin\AppData\Local\Temp\217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe
"C:\Users\Admin\AppData\Local\Temp\217f0a7496458bc11b67a317fb0efede0870e748bbae2f64c399d12a430cc99bN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5227.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5227.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53676.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
        8⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
        8⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61987.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        8⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
        7⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45647.exe
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
        7⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6747.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
        7⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        7⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17390.exe
        6⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        6⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
        6⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        7⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        7⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41476.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        6⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16282.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8408.exe
        6⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26022.exe
        6⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
        6⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
        5⤵
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        5⤵
        
        PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7360.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20293.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16676.exe
        8⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        8⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        8⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
        7⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44085.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
        7⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        6⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
        6⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
        6⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47770.exe
        6⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6888.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        7⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48530.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        7⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
        6⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
        6⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55399.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
        5⤵
        Executes dropped EXE
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
        6⤵
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
        6⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        5⤵
        
        PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
        5⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52414.exe
        5⤵
        
        PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3176.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41040.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28352.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        6⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11469.exe
        6⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39478.exe
        6⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
        6⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
        5⤵
        
        PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        5⤵
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
        5⤵
        
        PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11412.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
        5⤵
        
        PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        5⤵
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        6⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        6⤵
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22453.exe
        6⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-593.exe
        5⤵
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19559.exe
        5⤵
        
        PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39988.exe
        5⤵
        
        PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31289.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16967.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        5⤵
        
        PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
      4⤵
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe
      4⤵
      PID:4956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11641.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15742.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36136.exe
        7⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
        7⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30812.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        7⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31236.exe
        6⤵
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
        6⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        6⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7473.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
        6⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
        5⤵
        
        PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53563.exe
        5⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65009.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        5⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44459.exe
        5⤵
        
        PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55378.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        6⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        6⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        6⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        5⤵
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42768.exe
        5⤵
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46734.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3922.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        5⤵
        
        PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
      4⤵
      PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
      4⤵
      PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
      4⤵
      PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
      4⤵
      PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
      4⤵
      PID:4720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        6⤵
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        6⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8117.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
        6⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56524.exe
        6⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62046.exe
        5⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        5⤵
        
        PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
        5⤵
        
        PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        5⤵
        
        PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11936.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13027.exe
      4⤵
      PID:576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17988.exe
      4⤵
      PID:5028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25954.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
        5⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10036.exe
        6⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
        5⤵
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24673.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
        5⤵
        
        PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26109.exe
      4⤵
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36304.exe
        5⤵
        
        PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
      4⤵
      PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59638.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17152.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14449.exe
      4⤵
      PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49534.exe
      4⤵
      PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
      4⤵
      PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
    3⤵
    PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
    3⤵
    PID:3200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
    3⤵
    PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
    3⤵
    PID:4728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9913.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9913.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25088.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10365.exe
        7⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
        7⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16282.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        6⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15336.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        6⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41476.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        6⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39601.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29194.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-453.exe
        5⤵
        
        PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        5⤵
        
        PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
        5⤵
        
        PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
        5⤵
        
        PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
      4⤵
      PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49462.exe
      4⤵
      PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-911.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32886.exe
      4⤵
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39519.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25542.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38486.exe
        6⤵
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        6⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        5⤵
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12612.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
        5⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
        5⤵
        
        PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8874.exe
      4⤵
      PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
      4⤵
      PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
      4⤵
      PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
      4⤵
      PID:4500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52487.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53676.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37963.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        5⤵
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7391.exe
      4⤵
      PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
      4⤵
      PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32886.exe
      4⤵
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12876.exe
      4⤵
      PID:4904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
      4⤵
      PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
      4⤵
      PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41476.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
      4⤵
      PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
      4⤵
      PID:4436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20265.exe
    3⤵
    PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe
    3⤵
    PID:2236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59658.exe
    3⤵
    PID:4208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21292.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21292.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        5⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55399.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        5⤵
        
        PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        5⤵
        
        PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60308.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19301.exe
        5⤵
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
        5⤵
        
        PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9222.exe
      4⤵
      PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
      4⤵
      PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59638.exe
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe
      4⤵
      PID:4808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35133.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        5⤵
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        5⤵
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38844.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7878.exe
        5⤵
        
        PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14288.exe
      4⤵
      PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59638.exe
      4⤵
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
      4⤵
      PID:4324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31689.exe
      4⤵
      PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18507.exe
      4⤵
      PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49534.exe
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3794.exe
      4⤵
      PID:4448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15917.exe
    3⤵
    PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
    3⤵
    PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54319.exe
    3⤵
    PID:3380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
    3⤵
    PID:3088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44459.exe
    3⤵
    PID:4480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21402.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21402.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45124.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
        5⤵
        
        PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
        5⤵
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10636.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        5⤵
        
        PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
      4⤵
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
        5⤵
        
        PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6747.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65460.exe
        5⤵
        
        PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21474.exe
      4⤵
      PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
      4⤵
      PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59638.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6270.exe
      4⤵
      PID:4708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47625.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31393.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31450.exe
        5⤵
        
        PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        5⤵
        
        PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55399.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        5⤵
        
        PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
      4⤵
      PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
      4⤵
      PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
      4⤵
      PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
      4⤵
      PID:4364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53941.exe
      4⤵
      PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
    3⤵
    PID:364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
    3⤵
    PID:3744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
    3⤵
    PID:4256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22934.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22934.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
      4⤵
      PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
      4⤵
      PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
      4⤵
      PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37266.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
    3⤵
    PID:2092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
    3⤵
    PID:4000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
    3⤵
    PID:4056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
    3⤵
    PID:3648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6952.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6952.exe
  2⤵
  PID:2372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
  2⤵
  PID:3888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23594.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23594.exe
  2⤵
  PID:4116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15589.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15589.exe
  2⤵
  PID:4668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe

Filesize
468KB

MD5
7d24890c1057547a969e4c10547f994d

SHA1
050ae065eeb53baf3ae72041f93c9b0bb56837b6

SHA256
94f433e039d38a795e0a954c362e248a0defa9c4c0a93990d5c6d8cf75c118de

SHA512
bd6c05a227204f3ea262947ad53d012c91f762d40f4725a5f80dee3c4f8e24e9dd3acb2e97d56fc011ca2d3bbf2c8e657f59af08ad46619a27091978ba0d8197

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11641.exe

Filesize
468KB

MD5
6c71e61397696e1761fca0b8476c0606

SHA1
31b7deb5520d3524ee6abb0e8830263793c95417

SHA256
7c4a18382338c083a14b3d455b22bf8bf37c51e6dda6f26faef9bcb35bb7ec72

SHA512
469f3e94a4ca4047e65fd0eb1afd1cc732c097dc6809b77411e2faf690e177fdb9ba1949dcd8c3253c087347c0fdc49e0c9cb63f82a52c5e92ed74f66d5d3921

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21402.exe

Filesize
468KB

MD5
e82eed28384fc02290ca1bdd33050d53

SHA1
04947b9dd279e9959d21cac878a71a456845d84e

SHA256
61d0a452d2dd35f7b193c5978cc07127ce0260b2f52c1f9c9a44c0cbfc422e15

SHA512
3c166f1174b0fa6f0ee921b4bbbce7063c6489d44227bcb9e89858ed3f80d610beeffc37c3cdb666000adc13637eb6c65b026eee682d5cb1c5117889d3536aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe

Filesize
468KB

MD5
9a058f15040ab85887be502a0f64a279

SHA1
984974db4fbcb358f729307aa903b2480062922e

SHA256
9f266d63d6c6a4a850614800bb89b8cfbb474f9344821b47844d6f6af14b66e0

SHA512
530fd1b43f12a6631a33ce75233689a44908e12ce5609c05fc3d6f2ac874d084f466fea1147f263168e8b121e0507cb197a12d3730b32995001db9973d770b1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe

Filesize
468KB

MD5
27464925a89c3fb4bd82b7a96f768c13

SHA1
1e8346369f01d630c1a96eca80a0d8d6396a5727

SHA256
230fd2696ce2e2fe3de77b44811234cee18ac903410924bb50edc1308ff691ac

SHA512
7ba25120e86e28c62599cda5d75b38862a96bad0407b4c926a561b5c3266f2c18aa5de013a8c80bb093522a268b61140c34128af9538de16496ee435eae0f542

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe

Filesize
468KB

MD5
7be6c9678b6d51e0a3b0a9e4c0511114

SHA1
11259a953abd3eaa398f922ea1d5b8c383178fbb

SHA256
d859c5b7c979fa1320044446ccdf9a29c415e3243f3f90da5fe8e37844def4b6

SHA512
fbe0723cc6e08d7c9bb81e52a47318dac61e9456d9ac473e0f4732c3416d272b07f8124b6001968b5cbb64b1f91b7de22b077447e958796d86f4ff21ac7b23f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe

Filesize
468KB

MD5
1ca2ead728db0bafab378b9225bff935

SHA1
dc450df9ea446601e85a153aa804be0ee2ab9599

SHA256
189c18070b53bfa7d2ad56cd11bce48fee5beee1709152ed2a6a255c7e9d486e

SHA512
b8c23cece6768bc715dcf905f20eaafffb9717f24ad4a809e6152b28c1de4d8a3e7e01c7e1f9c53d798a7c7f4322f4787f1aebdcd6a5e370547b26811be1ecce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe

Filesize
468KB

MD5
a501927923171acf1199a0f7ff989762

SHA1
1d1c8b69ca5326d7519b620817308bb1fe05fbf4

SHA256
468c6d3add93beae3178a553b6fad39a90a4c0d97e844b244a6ac86ecaca7bb0

SHA512
e42a6e19d0994becc893140af3f6f040f2a4ccac4e1dc00d2c06a208690f39d464ba11a6668a5b1cef02bfa93277fbcbfc0f4a2c44e5535a459fd70206dd6fa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47770.exe

Filesize
468KB

MD5
310125060aa7e2e1e6f0db2a3d726bd0

SHA1
43b924bd3697aa6430022b5e1286fd5e8b89f873

SHA256
d965fe02f96e728e7889d2b8970b853350bc7b94d536560d8019e86f605093c8

SHA512
8b6fc20fdbe88d0e9fc374580701c74a03d2de2b1e958191de0f30336bd3c29b10a20049f0d154707e8f8c22144343125a3a0c533bba82342233d3828b829e33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe

Filesize
468KB

MD5
0c2c7d4123b78c1e3ae69e3d233d0e6a

SHA1
80da73cffd52e85d81befbae68ef0dcdeb78e48e

SHA256
15064b5b2e79c4f32cfbcfacfbfe5e2881b951b12f109c717fdcb7f8232fbbdd

SHA512
0bfa81907edd5d7c2511f626d2001c640c46b53a0db1925d23d9cebeeb0d6d0e57a30f133370d2af910a9ac3faf8f8d1e5e48547437dcd301c12b46871283975

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe

Filesize
468KB

MD5
804f69b7a97cc47b36362bb3a65acccf

SHA1
22f600bd444c6f830393ebc2283be9233f9f4ae2

SHA256
dd91926d2d9c7ffe6e3fdaa707f0ee64e93e08d315f3f263343200db66c9a443

SHA512
aa68c2b0635968c2955993ba79c2b859c6dbcc135b8f1af57bd57cf0971e3178396b0212960cda6729cc89086bd8f9fca79739f585b55a0beacddac421dfae6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe

Filesize
468KB

MD5
8962b9fd7f1b0f987d7eda384e5df4e1

SHA1
0683810b27ccf500ef9224dda73dc3035d9d238f

SHA256
d6168915a94b6211233e8c9ce3f87a32d910ca2a87c3b65a20cdf302a8dc1505

SHA512
6120ab4449f0991216ed9ad115690aaaa5f5b3b82f7874a5c12a2b769e7c7dc899c3736e2baa07e77d760e97d153398c187e0a6d4af528f929b38f483f03bc50

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21292.exe

Filesize
468KB

MD5
81739a305b3665ab2373be8f08b8ede7

SHA1
5a2ebdc92b1ea4ab7394dc533d65d7cb3cdfd5de

SHA256
78f5880901f36cf63a1a87c2672772fd56374098c87c2a88b07507acaaa0dcc9

SHA512
7ea59ebaf56f25acb6b1a4ba4b463fa84e01c17fced04c0f5d562a2c8a5876d2707797bfbaf9a2eaf3846bbec1d13848a21da0a6b3d3f9c64c617ab91e1594da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25542.exe

Filesize
468KB

MD5
e9ee804e22ebaeff1fcf1b6a34a58e3e

SHA1
d3ea907cbc419ecc6684b2a73391790183e1b414

SHA256
5848092e23efbb9ac182b711cf53a01f6c6c1f19e007c09c564f78689a0b8991

SHA512
5f82e03a2b6bbfe4bc3642cad0ea4c86aa173b9bd13cf64e50000003916940363175a16ed85658bcbbb767032be8690e4ac4170e21ab62ffbb3dac519ba1d84d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe

Filesize
468KB

MD5
d4fc25f46e02ae5e38860b79c2c43343

SHA1
5b0fd1b4bc04e9de97cf24d884915df266d730d3

SHA256
a1f9ddb7638edff31c8cf23edda7d712584b77ae90bdfd8debac2edbc4941725

SHA512
eb73d2853c9b9f016b48b31ac859f1f8ed87f6f74c93426c2e8dc44f17af773bd45364820d2237df9ae19811e5c33811f32dceec62e86bff3bd9c343517a2175

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3176.exe

Filesize
468KB

MD5
ab1592d890778801affd0c444a090f4f

SHA1
4a20e37d3e99bc84b9218b6b9250ad9901dc89ae

SHA256
f33994fc4bcdaee925719d13b6701b25432879d2784311192a9f6e2e0a842e61

SHA512
bbf54a4c8e1055a0ef10835bbabdeeca4254e254dc1cfc3b8d3c3f928ccd4980754dc79182f5e7d097a0e6d8d623db613dcb71e79fc25f847492943b8004629f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe

Filesize
468KB

MD5
60aeab7fb9d972ec4a626fe9e0145035

SHA1
456ff1de227ee75858de8a329c74e324d78d1419

SHA256
dab52cfecf3115a26bc3e290cd0d289417ae7fd45d5b3e445289401a721ba5c5

SHA512
432a6bc4730bdfb2346d3381a5c6340e08bbab699089737c5fd7010a44277de3ae45115b4898f742a1d0f26955c194e9d1c1c26e3ed898325aea71f79edc4903

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5227.exe

Filesize
468KB

MD5
f27ed68e1bdf9b6e476a731d3cd63308

SHA1
86b4bda98a94dd3d65e45fbd4f566216e5c4a227

SHA256
b31b7beef9ea4631b6e0fcc8645f0b730033fc29a0c158e6fc258447bd2dd706

SHA512
9521a99595a888f8131bf38328634c2e6c6eb61d4b48cfcef0465a03fb0238dd705b9f092213a9eb3af66407cbaee66cfad0dc560f0bdfa78be21514e3d581bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7360.exe

Filesize
468KB

MD5
0680dedc40da397b9e86a03913051f1f

SHA1
da29e131f128cb1c400b415beeb964999d8c8769

SHA256
f10cd87c9e03620a6fcb21b25bd265796a13951e9e2243d94b85b7605073d48e

SHA512
5d26e0101e7184ff0071990c0118f42bd159e4a461f132659bc200d531b7b8707666e5ded45db537c47b7f19575b63b0651f5f439adf828d2500a6e97843ec50

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe

Filesize
468KB

MD5
837e77ceaa3d3a045249fd993148234f

SHA1
ce8142a63683df87e88936eb8912777e690de0c6

SHA256
461b969c8f210d9f55f6d550fc3833ebf7bc13784c023524e00f8f1a1804480e

SHA512
0ee5a99226dffa909595f4ad033dabfa4236726f841bdb21bd453cddf619048616c9a1cae8036ead01b33d00079e61689affc3f6cf3f4924b00c6fa93bdd797a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe

Filesize
468KB

MD5
3a021327e8ccef06c590133dab70ef4d

SHA1
e59e9c2308e33342b7226303796204f7fa54b35a

SHA256
ea2ddcf44c353a1a82f0b046b3dc04c13855ec3c9254643298f8fba835e36b91

SHA512
f74660c3bbd7e439cfbc31ebc27c9dd8f7d7cdf9e5a6e258049e1279454e598f64ee07999ce7626fa54710a771a618ff9ef6d1b91b1c2ffc7166135479fdf87e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9913.exe

Filesize
468KB

MD5
1a5fecf0abbcd28f63d982089eeb59ed

SHA1
bf226daf47c699e3c9d7c90c50053e50c7baef0c

SHA256
305c62a4799b5de6ca4ac8df85cd9198e53dd2734b7ad2ce1214a722986a3783

SHA512
edebbb5c4650131c42a3e753ab6a9c35424b7ace8ec8f8466be90c32f510a8647a43c8ff6890e6ccefa602fbb4976e25305e0c0c2fa0d5b848687cbbd53cce36

Download Submit