861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe
Size

468KB
MD5

ae617767c716b6a8b19795225ea85af0
SHA1

5d6e078ee7cd46b8afa5639d4fa681a011dec2e7
SHA256

861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12
SHA512

a722e32d333c33a2e70775a5e2c2681b823d9aa4bf86fe296750eb00f57d88e0f789807eddb4a06148af66b12c94ca84e87b7f3143767f22c0657c38e1c3d283
SSDEEP

3072:WuISogd2Ic5AHbY6zfjcff8wAaJBHpnLfEHCgdSC11zL7wHDPof/:Wuxoq0AHVzrcffnBje11XkHDP

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2740	Unicorn-6555.exe
2644	Unicorn-27936.exe
2780	Unicorn-3986.exe
2680	Unicorn-20487.exe
1412	Unicorn-28655.exe
2912	Unicorn-36723.exe
2632	Unicorn-57990.exe
1300	Unicorn-14347.exe
2848	Unicorn-31238.exe
3048	Unicorn-6079.exe
3008	Unicorn-51104.exe
2808	Unicorn-50839.exe
2020	Unicorn-32630.exe
1324	Unicorn-9256.exe
316	Unicorn-16054.exe
2300	Unicorn-48748.exe
3044	Unicorn-29759.exe
2820	Unicorn-43979.exe
1696	Unicorn-39795.exe
2140	Unicorn-60050.exe
1368	Unicorn-41841.exe
952	Unicorn-43787.exe
1520	Unicorn-43787.exe
956	Unicorn-35619.exe
1352	Unicorn-13152.exe
1928	Unicorn-10352.exe
2032	Unicorn-9531.exe
1516	Unicorn-25313.exe
2468	Unicorn-42971.exe
1092	Unicorn-52339.exe
2596	Unicorn-61175.exe
1628	Unicorn-26273.exe
1964	Unicorn-12437.exe
2888	Unicorn-32879.exe
1608	Unicorn-47169.exe
2768	Unicorn-33263.exe
2616	Unicorn-3968.exe
2824	Unicorn-50476.exe
2716	Unicorn-60325.exe
2624	Unicorn-56506.exe
2584	Unicorn-36086.exe
436	Unicorn-44922.exe
2720	Unicorn-18188.exe
912	Unicorn-40481.exe
1104	Unicorn-63112.exe
1784	Unicorn-7881.exe
2228	Unicorn-47331.exe
560	Unicorn-50009.exe
1820	Unicorn-64207.exe
1296	Unicorn-14451.exe
2340	Unicorn-55484.exe
692	Unicorn-12868.exe
528	Unicorn-61414.exe
2312	Unicorn-8805.exe
2196	Unicorn-58945.exe
3036	Unicorn-13273.exe
3024	Unicorn-39916.exe
2172	Unicorn-13008.exe
1620	Unicorn-26901.exe
1848	Unicorn-56252.exe
1864	Unicorn-18541.exe
944	Unicorn-10943.exe
1256	Unicorn-58260.exe
1580	Unicorn-14534.exe

Loads dropped DLL 64 IoCs

pid	Process
3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe
3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe
2740	Unicorn-6555.exe
2740	Unicorn-6555.exe
3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe
3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe
2780	Unicorn-3986.exe
2644	Unicorn-27936.exe
2780	Unicorn-3986.exe
2644	Unicorn-27936.exe
2740	Unicorn-6555.exe
2740	Unicorn-6555.exe
3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe
3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe
2912	Unicorn-36723.exe
2912	Unicorn-36723.exe
2780	Unicorn-3986.exe
2632	Unicorn-57990.exe
2740	Unicorn-6555.exe
3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe
2780	Unicorn-3986.exe
2740	Unicorn-6555.exe
2632	Unicorn-57990.exe
3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe
1412	Unicorn-28655.exe
2644	Unicorn-27936.exe
1412	Unicorn-28655.exe
2644	Unicorn-27936.exe
2680	Unicorn-20487.exe
2680	Unicorn-20487.exe
1300	Unicorn-14347.exe
1300	Unicorn-14347.exe
2912	Unicorn-36723.exe
2912	Unicorn-36723.exe
2848	Unicorn-31238.exe
2848	Unicorn-31238.exe
2780	Unicorn-3986.exe
2780	Unicorn-3986.exe
2740	Unicorn-6555.exe
3048	Unicorn-6079.exe
3048	Unicorn-6079.exe
2740	Unicorn-6555.exe
2808	Unicorn-50839.exe
1324	Unicorn-9256.exe
2808	Unicorn-50839.exe
1324	Unicorn-9256.exe
2020	Unicorn-32630.exe
2020	Unicorn-32630.exe
2644	Unicorn-27936.exe
2644	Unicorn-27936.exe
3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe
3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe
1412	Unicorn-28655.exe
1412	Unicorn-28655.exe
3008	Unicorn-51104.exe
3008	Unicorn-51104.exe
2632	Unicorn-57990.exe
2632	Unicorn-57990.exe
316	Unicorn-16054.exe
316	Unicorn-16054.exe
2680	Unicorn-20487.exe
2680	Unicorn-20487.exe
2300	Unicorn-48748.exe
2300	Unicorn-48748.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2338.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe
2740	Unicorn-6555.exe
2644	Unicorn-27936.exe
2780	Unicorn-3986.exe
2912	Unicorn-36723.exe
2680	Unicorn-20487.exe
2632	Unicorn-57990.exe
1412	Unicorn-28655.exe
1300	Unicorn-14347.exe
2848	Unicorn-31238.exe
3048	Unicorn-6079.exe
3008	Unicorn-51104.exe
2020	Unicorn-32630.exe
2808	Unicorn-50839.exe
1324	Unicorn-9256.exe
316	Unicorn-16054.exe
2300	Unicorn-48748.exe
3044	Unicorn-29759.exe
2820	Unicorn-43979.exe
2140	Unicorn-60050.exe
1696	Unicorn-39795.exe
1368	Unicorn-41841.exe
952	Unicorn-43787.exe
1520	Unicorn-43787.exe
956	Unicorn-35619.exe
1352	Unicorn-13152.exe
1928	Unicorn-10352.exe
2032	Unicorn-9531.exe
1516	Unicorn-25313.exe
2468	Unicorn-42971.exe
2596	Unicorn-61175.exe
1092	Unicorn-52339.exe
1628	Unicorn-26273.exe
1964	Unicorn-12437.exe
2888	Unicorn-32879.exe
1608	Unicorn-47169.exe
2768	Unicorn-33263.exe
2616	Unicorn-3968.exe
2824	Unicorn-50476.exe
2716	Unicorn-60325.exe
2624	Unicorn-56506.exe
2584	Unicorn-36086.exe
436	Unicorn-44922.exe
912	Unicorn-40481.exe
2720	Unicorn-18188.exe
1104	Unicorn-63112.exe
1784	Unicorn-7881.exe
1296	Unicorn-14451.exe
560	Unicorn-50009.exe
1820	Unicorn-64207.exe
2340	Unicorn-55484.exe
2228	Unicorn-47331.exe
692	Unicorn-12868.exe
528	Unicorn-61414.exe
2312	Unicorn-8805.exe
3036	Unicorn-13273.exe
2172	Unicorn-13008.exe
3024	Unicorn-39916.exe
2196	Unicorn-58945.exe
1620	Unicorn-26901.exe
1848	Unicorn-56252.exe
1864	Unicorn-18541.exe
944	Unicorn-10943.exe
1256	Unicorn-58260.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2740	3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe	30
PID 3028 wrote to memory of 2740	3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe	30
PID 3028 wrote to memory of 2740	3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe	30
PID 3028 wrote to memory of 2740	3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe	30
PID 2740 wrote to memory of 2644	2740	Unicorn-6555.exe	31
PID 2740 wrote to memory of 2644	2740	Unicorn-6555.exe	31
PID 2740 wrote to memory of 2644	2740	Unicorn-6555.exe	31
PID 2740 wrote to memory of 2644	2740	Unicorn-6555.exe	31
PID 3028 wrote to memory of 2780	3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe	32
PID 3028 wrote to memory of 2780	3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe	32
PID 3028 wrote to memory of 2780	3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe	32
PID 3028 wrote to memory of 2780	3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe	32
PID 2780 wrote to memory of 2680	2780	Unicorn-3986.exe	33
PID 2780 wrote to memory of 2680	2780	Unicorn-3986.exe	33
PID 2780 wrote to memory of 2680	2780	Unicorn-3986.exe	33
PID 2780 wrote to memory of 2680	2780	Unicorn-3986.exe	33
PID 2644 wrote to memory of 1412	2644	Unicorn-27936.exe	34
PID 2644 wrote to memory of 1412	2644	Unicorn-27936.exe	34
PID 2644 wrote to memory of 1412	2644	Unicorn-27936.exe	34
PID 2644 wrote to memory of 1412	2644	Unicorn-27936.exe	34
PID 2740 wrote to memory of 2632	2740	Unicorn-6555.exe	35
PID 2740 wrote to memory of 2632	2740	Unicorn-6555.exe	35
PID 2740 wrote to memory of 2632	2740	Unicorn-6555.exe	35
PID 2740 wrote to memory of 2632	2740	Unicorn-6555.exe	35
PID 3028 wrote to memory of 2912	3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe	36
PID 3028 wrote to memory of 2912	3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe	36
PID 3028 wrote to memory of 2912	3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe	36
PID 3028 wrote to memory of 2912	3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe	36
PID 2912 wrote to memory of 1300	2912	Unicorn-36723.exe	37
PID 2912 wrote to memory of 1300	2912	Unicorn-36723.exe	37
PID 2912 wrote to memory of 1300	2912	Unicorn-36723.exe	37
PID 2912 wrote to memory of 1300	2912	Unicorn-36723.exe	37
PID 2780 wrote to memory of 2848	2780	Unicorn-3986.exe	38
PID 2780 wrote to memory of 2848	2780	Unicorn-3986.exe	38
PID 2780 wrote to memory of 2848	2780	Unicorn-3986.exe	38
PID 2780 wrote to memory of 2848	2780	Unicorn-3986.exe	38
PID 2740 wrote to memory of 3048	2740	Unicorn-6555.exe	40
PID 2740 wrote to memory of 3048	2740	Unicorn-6555.exe	40
PID 2740 wrote to memory of 3048	2740	Unicorn-6555.exe	40
PID 2740 wrote to memory of 3048	2740	Unicorn-6555.exe	40
PID 2632 wrote to memory of 3008	2632	Unicorn-57990.exe	39
PID 2632 wrote to memory of 3008	2632	Unicorn-57990.exe	39
PID 2632 wrote to memory of 3008	2632	Unicorn-57990.exe	39
PID 2632 wrote to memory of 3008	2632	Unicorn-57990.exe	39
PID 3028 wrote to memory of 2808	3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe	41
PID 3028 wrote to memory of 2808	3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe	41
PID 3028 wrote to memory of 2808	3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe	41
PID 3028 wrote to memory of 2808	3028	861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe	41
PID 1412 wrote to memory of 2020	1412	Unicorn-28655.exe	42
PID 1412 wrote to memory of 2020	1412	Unicorn-28655.exe	42
PID 1412 wrote to memory of 2020	1412	Unicorn-28655.exe	42
PID 1412 wrote to memory of 2020	1412	Unicorn-28655.exe	42
PID 2644 wrote to memory of 1324	2644	Unicorn-27936.exe	43
PID 2644 wrote to memory of 1324	2644	Unicorn-27936.exe	43
PID 2644 wrote to memory of 1324	2644	Unicorn-27936.exe	43
PID 2644 wrote to memory of 1324	2644	Unicorn-27936.exe	43
PID 2680 wrote to memory of 316	2680	Unicorn-20487.exe	44
PID 2680 wrote to memory of 316	2680	Unicorn-20487.exe	44
PID 2680 wrote to memory of 316	2680	Unicorn-20487.exe	44
PID 2680 wrote to memory of 316	2680	Unicorn-20487.exe	44
PID 1300 wrote to memory of 2300	1300	Unicorn-14347.exe	45
PID 1300 wrote to memory of 2300	1300	Unicorn-14347.exe	45
PID 1300 wrote to memory of 2300	1300	Unicorn-14347.exe	45
PID 1300 wrote to memory of 2300	1300	Unicorn-14347.exe	45

C:\Users\Admin\AppData\Local\Temp\861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe
"C:\Users\Admin\AppData\Local\Temp\861713412c87c91ab7483ffe7c26f2b527a859e5bc33a5c7637c8bdb72ad2a12N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27936.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35619.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65048.exe
        8⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        7⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
        7⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19230.exe
        7⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        7⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47331.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22101.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2338.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        7⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        7⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13531.exe
        6⤵
        
        PID:524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
        6⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14656.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe
        6⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14451.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19060.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60725.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        7⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25229.exe
        7⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33319.exe
        6⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        6⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21475.exe
        6⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
        6⤵
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        6⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        6⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        6⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52261.exe
        5⤵
        
        PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26076.exe
        5⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-190.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        5⤵
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        5⤵
        
        PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9256.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
        7⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65048.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
        7⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
        6⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
        6⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19230.exe
        6⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        6⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57378.exe
        6⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe
        6⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        6⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25229.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        5⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35126.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22167.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        5⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        5⤵
        
        PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36086.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
        6⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        6⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
        6⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        6⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19121.exe
        6⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
        6⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60974.exe
        5⤵
        
        PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17719.exe
        5⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
        5⤵
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6924.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
        5⤵
        
        PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
        5⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23840.exe
        5⤵
        
        PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47318.exe
      4⤵
      PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
      4⤵
      PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
      4⤵
      PID:3512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51104.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8805.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57378.exe
        7⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        7⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64046.exe
        6⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        6⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        6⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        6⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        5⤵
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe
        5⤵
        
        PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42971.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56506.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15141.exe
        7⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50252.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25229.exe
        7⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29260.exe
        6⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        6⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58260.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
        6⤵
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15141.exe
        6⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
        6⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11389.exe
        6⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        5⤵
        
        PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
        5⤵
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7531.exe
        5⤵
        
        PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
        5⤵
        Executes dropped EXE
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60554.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        6⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
        6⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59516.exe
        5⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46832.exe
        5⤵
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        5⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        5⤵
        
        PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49656.exe
      4⤵
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32402.exe
        5⤵
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10777.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        5⤵
        
        PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
      4⤵
      PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
      4⤵
      PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
      4⤵
      PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
      4⤵
      PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41841.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
        6⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
        6⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31113.exe
        6⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11749.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27974.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32402.exe
        6⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19230.exe
        6⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        6⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24408.exe
        5⤵
        
        PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        5⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2139.exe
        5⤵
        
        PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3968.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        5⤵
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        5⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        5⤵
        
        PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9639.exe
      4⤵
      PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
      4⤵
      PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63269.exe
      4⤵
      PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
      4⤵
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6924.exe
      4⤵
      PID:4760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60050.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
      4⤵
      PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46832.exe
      4⤵
      PID:972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
      4⤵
      PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
      4⤵
      PID:4984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26901.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
      4⤵
      PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5780.exe
      4⤵
      PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17922.exe
      4⤵
      PID:4384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
    3⤵
    PID:1748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44562.exe
    3⤵
    PID:1292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11973.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11973.exe
    3⤵
    PID:3632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20340.exe
    3⤵
    PID:1088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3986.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3986.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20487.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
        6⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
        6⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65027.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        6⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        6⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
        5⤵
        
        PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        5⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
        5⤵
        
        PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22038.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
        6⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
        5⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe
        5⤵
        
        PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52397.exe
        5⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31540.exe
        5⤵
        
        PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
      4⤵
      PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe
      4⤵
      PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
        6⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
        5⤵
        
        PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39458.exe
        5⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38000.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64207.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22672.exe
        5⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25229.exe
        5⤵
        
        PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
      4⤵
      PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47845.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46788.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
      4⤵
      PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6924.exe
      4⤵
      PID:4852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50476.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        5⤵
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25229.exe
        5⤵
        
        PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
      4⤵
      PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
      4⤵
      PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
      4⤵
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25398.exe
      4⤵
      PID:4396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54955.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
        5⤵
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
      4⤵
      PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64832.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18541.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18541.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe
      4⤵
      PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10590.exe
      4⤵
      PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
      4⤵
      PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
      4⤵
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
      4⤵
      PID:4756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
    3⤵
    PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
    3⤵
    PID:2016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
    3⤵
    PID:4128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58141.exe
    3⤵
    PID:2024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14347.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        6⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2806.exe
        6⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        6⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        6⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
        5⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22038.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1342.exe
        6⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        6⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        5⤵
        
        PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3379.exe
        5⤵
        
        PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12437.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
        5⤵
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63592.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54673.exe
      4⤵
      PID:868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21136.exe
      4⤵
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13031.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
      4⤵
      PID:4696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36190.exe
        5⤵
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        5⤵
        
        PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
        5⤵
        
        PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28876.exe
      4⤵
      PID:1404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19121.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
      4⤵
      PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
      4⤵
      PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
      4⤵
      PID:708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24512.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
      4⤵
      PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
    3⤵
    PID:276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58090.exe
    3⤵
    PID:748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
    3⤵
    PID:3608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe
    3⤵
    PID:3516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12694.exe
    3⤵
    PID:4376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        5⤵
        
        PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        5⤵
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36957.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        5⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2139.exe
        5⤵
        
        PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
      4⤵
      PID:472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
      4⤵
      PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
      4⤵
      PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
      4⤵
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39560.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29776.exe
      4⤵
      PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5136.exe
      4⤵
      PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55453.exe
      4⤵
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
      4⤵
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
      4⤵
      PID:4844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44642.exe
    3⤵
    PID:3040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10154.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe
    3⤵
    PID:3136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
    3⤵
    PID:5112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10352.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10352.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
    3⤵
    PID:2480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
    3⤵
    PID:1216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe
    3⤵
    PID:3576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
    3⤵
    PID:2272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
    3⤵
    PID:4536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
    3⤵
    PID:2536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
  2⤵
  PID:2180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
  2⤵
  PID:2508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
  2⤵
  PID:3720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
  2⤵
  PID:4908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14347.exe

Filesize
468KB

MD5
e9ffe3e922e11bea7f1e274612e8b3b7

SHA1
b776a1fb6febaf384f852e944a9c8d93ade98d79

SHA256
1bbf6564aafc42ee90a50401f79a98d98b6b23a09784547d93854436473f4e57

SHA512
93cfbdaa5f6b411baff79e73941918e745d1f213b0861a79d4ee779e003538d71268a4c55d69212265851a91ce479c13dfd49277b9cf604d8f234d9dc3c05a7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20487.exe

Filesize
468KB

MD5
866712543e248917cab253c9686b4a86

SHA1
55d5b56e36550c05cadc223a77e4079feafca272

SHA256
4f2217414c5f8b923d8694b9c5d7836b8b11a41cea1c3def2e8492639d8f9a67

SHA512
5d8b77ac6fbca7a56d1bedd575476088c7252b3cc8b09238111cc094d1670dd7371413771f4141663de5414f7f7050e3f8042d7090e9c0b51cb8f16528eed2bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51104.exe

Filesize
468KB

MD5
ca3e3743eb2d383547c4ee9dc6326f1a

SHA1
9470f2ab7b71824d6e60d1336e0a58bf65a7bcba

SHA256
fc09a84c55fff46765548f1dd683c1020ab50b09ed2fffb226a94e4daeb1f28e

SHA512
d2cac4bda3ede6026aeab47853a03b743b4ebb43e7394384808c9a137ea5410a64636e2e55d3198053fa528ff3d1628fabfced0dec1dddefd12d8bdde7fe0644

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe

Filesize
468KB

MD5
8baf898dd4285a24df56de5ab5e380e2

SHA1
ab843a7dde8dc63e45678817c796ce8e86b0f1f2

SHA256
8d91300918f23556e913bbd10a809836f8adf60f3c1fb4ab9fd2e35e0ef3b4ee

SHA512
6d222f9266390902a7bc9149903380a181cbccd3223f63fceb067a8d2bb780d841c5d5fe269119a65eaca0ff1ae6d717f10e712e0042dae156b1cd32ba811d45

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27936.exe

Filesize
468KB

MD5
c4a6e4936572b3e948fc5aea78eec642

SHA1
9f4c35ec2db31b6542d972b24e7c3fef1684b592

SHA256
772071614a883f661c0e4667afea291c1daab53a8af2a4ea61de4490b536f7b8

SHA512
21a11c5dfa51b73add9b091eb2510c5b9951025a698c7868e26c2cf420dd92af833f53fca89135c00ae4241d54ceeb8ba0121f2152aaab1530c5a2ce4e6d4f39

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe

Filesize
468KB

MD5
715ee0dc60d8cf450ebdf8735212c464

SHA1
1ce8a11a7d29951dbbbb9aa2daef21c3df51d927

SHA256
21f58a6d45151dcaf78fef0b1bde12e6b428f402729ab5511d98ae60e3c80d6e

SHA512
2337715c387cc64da8439f5b08d1d1889d3a6ef69966cecc30aca0853841ac78dbca99d3a4c83082f24d8a3a09b7f0b6421f049439cacd729333ab4d8e77b1e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe

Filesize
468KB

MD5
ec302887325e4495c0e91c2cd832e464

SHA1
1c77ac99690a6ac2932a87a65a53519c03498b80

SHA256
3c9a3814344a6e338eb3d5ba86fcf02dac3e2622ea3d0633d3f34c6678da27b2

SHA512
db8ee2edcee513eab247d73a228b94625134ef450113dd879db8bf2c408689100f56f181b3cf0f98c95326cf56711a21335fcf185f93ab042686b9473197f1fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe

Filesize
468KB

MD5
6c24c168af02a16f3c1fc4add7409056

SHA1
090b59fc9a93a5b8e7c0884696cff1a6f7428594

SHA256
3c0d86c9197b1080aca5beefe538bfe4d6eff6bf1e2c4a83bcc1b5441ba542ec

SHA512
feacf07bd73c44192988332fdc2082332016195eb649ca8940c36050f813c49304f6a96a4936d8285bd46b10a4f4d61027f19a10d7273727aff36c48bc33c36e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe

Filesize
468KB

MD5
6f62109585b76555a50725e3947f7f24

SHA1
8273fc9f69d87b904c892dec72b88bebde49e4b8

SHA256
fa3253155e4acc9a20448a368567e3f9365bac74a12123cf075131200aba45a3

SHA512
53f793c249e38b7e2c4783a67f063c6b3dab6b709bde7aa801bcf36d86dc3274346f4fd57f422a5ab562208abe9286fe5ae3d86d0f8f5906660c52d99a6e0fdf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe

Filesize
468KB

MD5
c3f064819628938b0eaaa77b4428b8dd

SHA1
33da57fa2968292c5fa3ca2e6f920d01734ee88e

SHA256
45be833af5ce4271a5dfbf76737a94e8b42f92890a42391e0b697f70141b4ab4

SHA512
7db932d7e782ded733db9aaf6b5246ce3e1cb5cb1b2720bbd78e4e89de7ee29019b479b0e16411784ca96db9120e45b0439e07db9041ac0aac01c266a5d5aaad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3986.exe

Filesize
468KB

MD5
03fc67aeee264928a5d68021d5c5cf3b

SHA1
d84debcf84c83202a253774153b57269ddfd46de

SHA256
82f3ef7323c049b37134476c6d579ab68e07cf51e1e4350217ad6cf212c573ab

SHA512
5cf168700a64f0806209fe6b7f5eaa75af2da6f75ee08c9baf168222ee633b9fabcb433bfbaa635f77ee947bec3e2add867afa378c20a051a6d03abb9248dfc3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe

Filesize
468KB

MD5
57cca6574b4b76228ca927fe29aa174b

SHA1
ea12261cf6bd2e7969ebc6354e25436cf4cc501b

SHA256
c754a2ad07e5909fb1dd8bcfad54d37a27f4f3762ccc08d97cf6f8d06f687453

SHA512
94fdd63f13a0ee3c6128d051e58490ef0578765ce9382911a58ed62f7b4b6dc79a7b6c8d1df1038acb1c0f700db1cc10b2042ac4862ee1fd80035b231f860b1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe

Filesize
468KB

MD5
338a69f7669d71fa099c324f4f3d8007

SHA1
2c793fc27457a08c117b740444f2c04b16418231

SHA256
46e335cfaaaddb168f4cd5b1f667f03e8b2bfb62617c527700547d081dc84f24

SHA512
5a766215860538f3c54b6a0aa9ef1255002eb16940a1c6940ee56b09cc7aca02c6a23998ab5297e604ea2c37215ed62c1d1b3bf84d7b5337991a7bd4f1e191c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe

Filesize
468KB

MD5
fe10165afaa31a299d7287ed9dee7ca5

SHA1
e07398b0a2690e8f2fd660a296edc8f26edbdc79

SHA256
1ac77c2f79ff8e7df9a102daa911c2767ce9aab6236308b7497c1ea6cf52ca61

SHA512
f984f59b8122cd24f085ba45b1b774057b4a75a9b3ea5c390244c4b65abb08bc9627832667a38afaf0deaa6e85985d76d1c32564e0c9c34579f630fb15718dfc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe

Filesize
468KB

MD5
7c274aa2f742632242a5e6d7924d0412

SHA1
ab0fe4b59200ac79841cdfa8f5737dbbced99e78

SHA256
58f1dc575ec6343ee9afd9727cc2419e912d7658106682144bce48cefffb3618

SHA512
645075d0dfacea663b055151cd8133526c791cf75a75f5c73f9cbdd83aefc8138bedb96e52d592e6c96d5d41892ce0c2d5edabf00f5732053da1c7b2ab2ef059

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe

Filesize
468KB

MD5
33396f956d55bae22cf34f496ac8f49b

SHA1
e4b3e5fa98c4611ce501de3d755de3e81bfe00f6

SHA256
415c82a64e4d910bc9c1dd195db5b4bd57e5edfea9ce8fdfb68bc75d7c2660e1

SHA512
9d287bab607c07effabc9a56e3b995073dbb770eb17adf083fafd6e6c87efd62b53a1550ba3f48f33e065f192d2ab314ca2e8c6a571e6ab27c744ab4bb1b9b42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe

Filesize
468KB

MD5
1c6609033e79e458d719cad94bdbbf84

SHA1
4abb7b6e705fb1b8eed926133f73cc528874dfc3

SHA256
7bd04cd7e67ae403816b9932884a61659c789312d4d513b35d1192e66502aec8

SHA512
7dcc9d2a93b4cd67835fbde1324d8a0cb8cc770e9f3ffed364de04f5a1b490d24bb4011fd68f91b40cf1e7c9d4deeec5fe1c68f25a9be2c785ad933b1c896a39

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9256.exe

Filesize
468KB

MD5
32d0e5923f0145ce8f90d3e063d5158a

SHA1
4893a957477a92629b872174e5fbb3e8ae06deae

SHA256
14207c5175c62e2a6a9c0aec1272113959573dfe7aa588932e1a11c69751c390

SHA512
e3f46e7ff356f278a079a4ab2b3818a3ba6da01810382850b18c6ffa949bc74ce5f20a247589bbeff2d1b065390d9130a2cce8031010db39cc438ecc15da6d83

Download Submit