37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 06:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe
Size

468KB
MD5

46f92d658fb2beeaff8e084e0b978f30
SHA1

11833ddfde5b1913bb10237faf76a273a4b98e2e
SHA256

37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335
SHA512

0a68d8af46f295aa8bd4636682d2d5a70139d1ff3141bb20ccfc2728176c879b2c779b779122616045cff661649770b2472e7e62a0d523e59e00b4b5fa86a674
SSDEEP

3072:vnC6ov2uU35/MbYVPgt5wfP/E5ilLVXFlmHd8SJXrsAwqf4uMolW:vnbooJ/M+PM5wfl1S1rsdg4uM

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2156	Unicorn-18176.exe
3028	Unicorn-22665.exe
2920	Unicorn-35663.exe
2640	Unicorn-36378.exe
2728	Unicorn-17088.exe
2672	Unicorn-53098.exe
2184	Unicorn-49464.exe
392	Unicorn-12719.exe
2400	Unicorn-28563.exe
2960	Unicorn-22240.exe
3004	Unicorn-7353.exe
2396	Unicorn-27219.exe
1272	Unicorn-64914.exe
2416	Unicorn-26954.exe
1256	Unicorn-27219.exe
2220	Unicorn-10000.exe
2344	Unicorn-31743.exe
2196	Unicorn-43140.exe
1936	Unicorn-47587.exe
1980	Unicorn-26420.exe
1524	Unicorn-20364.exe
1216	Unicorn-20364.exe
2584	Unicorn-11433.exe
2244	Unicorn-11738.exe
1016	Unicorn-16834.exe
1824	Unicorn-4411.exe
3060	Unicorn-4411.exe
2404	Unicorn-6257.exe
1148	Unicorn-12387.exe
1316	Unicorn-47670.exe
1284	Unicorn-61405.exe
2716	Unicorn-43498.exe
1652	Unicorn-13840.exe
1656	Unicorn-27575.exe
1480	Unicorn-1308.exe
2268	Unicorn-52163.exe
2760	Unicorn-11204.exe
2860	Unicorn-64167.exe
1752	Unicorn-18496.exe
2748	Unicorn-46871.exe
2652	Unicorn-17536.exe
2612	Unicorn-63015.exe
2632	Unicorn-28008.exe
2736	Unicorn-28008.exe
2100	Unicorn-47255.exe
2964	Unicorn-18697.exe
3008	Unicorn-52326.exe
2528	Unicorn-61256.exe
3036	Unicorn-34531.exe
1312	Unicorn-34531.exe
1700	Unicorn-34531.exe
2052	Unicorn-14665.exe
1696	Unicorn-18387.exe
2956	Unicorn-64058.exe
520	Unicorn-64426.exe
2804	Unicorn-4489.exe
1756	Unicorn-13041.exe
2384	Unicorn-6373.exe
1816	Unicorn-32533.exe
692	Unicorn-32798.exe
2884	Unicorn-32798.exe
2208	Unicorn-26667.exe
2572	Unicorn-52490.exe
1984	Unicorn-38754.exe

Loads dropped DLL 64 IoCs

pid	Process
2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe
2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe
2156	Unicorn-18176.exe
2156	Unicorn-18176.exe
2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe
2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe
3028	Unicorn-22665.exe
3028	Unicorn-22665.exe
2156	Unicorn-18176.exe
2156	Unicorn-18176.exe
2920	Unicorn-35663.exe
2920	Unicorn-35663.exe
2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe
2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe
2728	Unicorn-17088.exe
2728	Unicorn-17088.exe
2640	Unicorn-36378.exe
2640	Unicorn-36378.exe
2156	Unicorn-18176.exe
2156	Unicorn-18176.exe
3028	Unicorn-22665.exe
2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe
2184	Unicorn-49464.exe
3028	Unicorn-22665.exe
2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe
2184	Unicorn-49464.exe
2672	Unicorn-53098.exe
2672	Unicorn-53098.exe
2920	Unicorn-35663.exe
2920	Unicorn-35663.exe
392	Unicorn-12719.exe
392	Unicorn-12719.exe
2728	Unicorn-17088.exe
2728	Unicorn-17088.exe
2396	Unicorn-27219.exe
2184	Unicorn-49464.exe
2396	Unicorn-27219.exe
2184	Unicorn-49464.exe
2416	Unicorn-26954.exe
2416	Unicorn-26954.exe
2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe
2400	Unicorn-28563.exe
2960	Unicorn-22240.exe
2400	Unicorn-28563.exe
2960	Unicorn-22240.exe
2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe
2156	Unicorn-18176.exe
2156	Unicorn-18176.exe
2640	Unicorn-36378.exe
2640	Unicorn-36378.exe
1272	Unicorn-64914.exe
3004	Unicorn-7353.exe
1272	Unicorn-64914.exe
3004	Unicorn-7353.exe
2920	Unicorn-35663.exe
1256	Unicorn-27219.exe
2920	Unicorn-35663.exe
1256	Unicorn-27219.exe
2672	Unicorn-53098.exe
3028	Unicorn-22665.exe
2672	Unicorn-53098.exe
3028	Unicorn-22665.exe
2344	Unicorn-31743.exe
2344	Unicorn-31743.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6683.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe
2156	Unicorn-18176.exe
3028	Unicorn-22665.exe
2920	Unicorn-35663.exe
2640	Unicorn-36378.exe
2728	Unicorn-17088.exe
2184	Unicorn-49464.exe
2672	Unicorn-53098.exe
392	Unicorn-12719.exe
2400	Unicorn-28563.exe
2416	Unicorn-26954.exe
2396	Unicorn-27219.exe
1256	Unicorn-27219.exe
2960	Unicorn-22240.exe
3004	Unicorn-7353.exe
1272	Unicorn-64914.exe
2220	Unicorn-10000.exe
2344	Unicorn-31743.exe
1936	Unicorn-47587.exe
2196	Unicorn-43140.exe
1980	Unicorn-26420.exe
1524	Unicorn-20364.exe
2584	Unicorn-11433.exe
1216	Unicorn-20364.exe
2244	Unicorn-11738.exe
3060	Unicorn-4411.exe
1016	Unicorn-16834.exe
1824	Unicorn-4411.exe
2404	Unicorn-6257.exe
1148	Unicorn-12387.exe
1284	Unicorn-61405.exe
1316	Unicorn-47670.exe
2716	Unicorn-43498.exe
1652	Unicorn-13840.exe
1656	Unicorn-27575.exe
2268	Unicorn-52163.exe
2760	Unicorn-11204.exe
2860	Unicorn-64167.exe
1752	Unicorn-18496.exe
2748	Unicorn-46871.exe
2652	Unicorn-17536.exe
2612	Unicorn-63015.exe
2736	Unicorn-28008.exe
2100	Unicorn-47255.exe
2632	Unicorn-28008.exe
2964	Unicorn-18697.exe
2528	Unicorn-61256.exe
3008	Unicorn-52326.exe
3036	Unicorn-34531.exe
1696	Unicorn-18387.exe
1312	Unicorn-34531.exe
1700	Unicorn-34531.exe
2052	Unicorn-14665.exe
2956	Unicorn-64058.exe
1756	Unicorn-13041.exe
2384	Unicorn-6373.exe
520	Unicorn-64426.exe
2804	Unicorn-4489.exe
2208	Unicorn-26667.exe
1816	Unicorn-32533.exe
2884	Unicorn-32798.exe
692	Unicorn-32798.exe
2572	Unicorn-52490.exe
1020	Unicorn-35293.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2156	2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe	30
PID 2132 wrote to memory of 2156	2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe	30
PID 2132 wrote to memory of 2156	2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe	30
PID 2132 wrote to memory of 2156	2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe	30
PID 2156 wrote to memory of 3028	2156	Unicorn-18176.exe	31
PID 2156 wrote to memory of 3028	2156	Unicorn-18176.exe	31
PID 2156 wrote to memory of 3028	2156	Unicorn-18176.exe	31
PID 2156 wrote to memory of 3028	2156	Unicorn-18176.exe	31
PID 2132 wrote to memory of 2920	2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe	32
PID 2132 wrote to memory of 2920	2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe	32
PID 2132 wrote to memory of 2920	2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe	32
PID 2132 wrote to memory of 2920	2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe	32
PID 3028 wrote to memory of 2640	3028	Unicorn-22665.exe	33
PID 3028 wrote to memory of 2640	3028	Unicorn-22665.exe	33
PID 3028 wrote to memory of 2640	3028	Unicorn-22665.exe	33
PID 3028 wrote to memory of 2640	3028	Unicorn-22665.exe	33
PID 2156 wrote to memory of 2728	2156	Unicorn-18176.exe	34
PID 2156 wrote to memory of 2728	2156	Unicorn-18176.exe	34
PID 2156 wrote to memory of 2728	2156	Unicorn-18176.exe	34
PID 2156 wrote to memory of 2728	2156	Unicorn-18176.exe	34
PID 2920 wrote to memory of 2672	2920	Unicorn-35663.exe	35
PID 2920 wrote to memory of 2672	2920	Unicorn-35663.exe	35
PID 2920 wrote to memory of 2672	2920	Unicorn-35663.exe	35
PID 2920 wrote to memory of 2672	2920	Unicorn-35663.exe	35
PID 2132 wrote to memory of 2184	2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe	36
PID 2132 wrote to memory of 2184	2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe	36
PID 2132 wrote to memory of 2184	2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe	36
PID 2132 wrote to memory of 2184	2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe	36
PID 2728 wrote to memory of 392	2728	Unicorn-17088.exe	37
PID 2728 wrote to memory of 392	2728	Unicorn-17088.exe	37
PID 2728 wrote to memory of 392	2728	Unicorn-17088.exe	37
PID 2728 wrote to memory of 392	2728	Unicorn-17088.exe	37
PID 2640 wrote to memory of 2400	2640	Unicorn-36378.exe	38
PID 2640 wrote to memory of 2400	2640	Unicorn-36378.exe	38
PID 2640 wrote to memory of 2400	2640	Unicorn-36378.exe	38
PID 2640 wrote to memory of 2400	2640	Unicorn-36378.exe	38
PID 2156 wrote to memory of 2960	2156	Unicorn-18176.exe	39
PID 2156 wrote to memory of 2960	2156	Unicorn-18176.exe	39
PID 2156 wrote to memory of 2960	2156	Unicorn-18176.exe	39
PID 2156 wrote to memory of 2960	2156	Unicorn-18176.exe	39
PID 3028 wrote to memory of 3004	3028	Unicorn-22665.exe	40
PID 3028 wrote to memory of 3004	3028	Unicorn-22665.exe	40
PID 3028 wrote to memory of 3004	3028	Unicorn-22665.exe	40
PID 3028 wrote to memory of 3004	3028	Unicorn-22665.exe	40
PID 2132 wrote to memory of 2416	2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe	41
PID 2132 wrote to memory of 2416	2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe	41
PID 2132 wrote to memory of 2416	2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe	41
PID 2132 wrote to memory of 2416	2132	37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe	41
PID 2184 wrote to memory of 2396	2184	Unicorn-49464.exe	42
PID 2184 wrote to memory of 2396	2184	Unicorn-49464.exe	42
PID 2184 wrote to memory of 2396	2184	Unicorn-49464.exe	42
PID 2184 wrote to memory of 2396	2184	Unicorn-49464.exe	42
PID 2672 wrote to memory of 1256	2672	Unicorn-53098.exe	43
PID 2672 wrote to memory of 1256	2672	Unicorn-53098.exe	43
PID 2672 wrote to memory of 1256	2672	Unicorn-53098.exe	43
PID 2672 wrote to memory of 1256	2672	Unicorn-53098.exe	43
PID 2920 wrote to memory of 1272	2920	Unicorn-35663.exe	44
PID 2920 wrote to memory of 1272	2920	Unicorn-35663.exe	44
PID 2920 wrote to memory of 1272	2920	Unicorn-35663.exe	44
PID 2920 wrote to memory of 1272	2920	Unicorn-35663.exe	44
PID 392 wrote to memory of 2220	392	Unicorn-12719.exe	45
PID 392 wrote to memory of 2220	392	Unicorn-12719.exe	45
PID 392 wrote to memory of 2220	392	Unicorn-12719.exe	45
PID 392 wrote to memory of 2220	392	Unicorn-12719.exe	45

C:\Users\Admin\AppData\Local\Temp\37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe
"C:\Users\Admin\AppData\Local\Temp\37d85cd9ced4af35612dc186cb5e697154363b19288ba9dfd226beb8476c4335N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20364.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18496.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27414.exe
        8⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-138.exe
        8⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33503.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49318.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        7⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46871.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59407.exe
        7⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36592.exe
        7⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38618.exe
        7⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        6⤵
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16834.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        7⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52578.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        7⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
        6⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        6⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
        6⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        5⤵
        
        PID:680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
        6⤵
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21570.exe
        6⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        5⤵
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39086.exe
        5⤵
        
        PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18387.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26524.exe
        7⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1519.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
        9⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30159.exe
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41171.exe
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        7⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43895.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        7⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        7⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
        6⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
        6⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        6⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50435.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41171.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        5⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32306.exe
        5⤵
        
        PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61405.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        6⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
        6⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        6⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
        5⤵
        
        PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48441.exe
        5⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
        5⤵
        
        PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18697.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57781.exe
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29991.exe
        5⤵
        
        PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61901.exe
      4⤵
      PID:580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
      4⤵
      PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36009.exe
      4⤵
      PID:4180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63015.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41171.exe
        7⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15116.exe
        6⤵
        
        PID:280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6641.exe
        6⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        6⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32798.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46199.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50665.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52490.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        6⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
        6⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        6⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        6⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14494.exe
        5⤵
        
        PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42143.exe
        5⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55857.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13102.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58650.exe
        5⤵
        
        PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31743.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43498.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe
        6⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        7⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        6⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
        6⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32742.exe
        6⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        6⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41171.exe
        6⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
        6⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        6⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
        5⤵
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34418.exe
        5⤵
        
        PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27575.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31463.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9805.exe
        6⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-578.exe
        6⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
        5⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5946.exe
        5⤵
        
        PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38916.exe
      4⤵
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36689.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22856.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        5⤵
        
        PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50996.exe
      4⤵
      PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55857.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13102.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
      4⤵
      PID:4384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20364.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        6⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27414.exe
        6⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41171.exe
        6⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33503.exe
        5⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        5⤵
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        5⤵
        
        PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64058.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
        5⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22982.exe
        5⤵
        
        PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
        5⤵
        
        PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7856.exe
      4⤵
      PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33071.exe
      4⤵
      PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
      4⤵
      PID:4244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
        5⤵
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
        5⤵
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        5⤵
        
        PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
      4⤵
      PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45571.exe
      4⤵
      PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
      4⤵
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52326.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
      4⤵
      PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27414.exe
      4⤵
      PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12857.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        5⤵
        
        PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27903.exe
    3⤵
    PID:2008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
    3⤵
    PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3445.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3445.exe
    3⤵
    PID:3212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
    3⤵
    PID:4108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12387.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        7⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        7⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
        6⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
        7⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13510.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35306.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
        6⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        6⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4489.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        6⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        5⤵
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe
        5⤵
        
        PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32798.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        6⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
        5⤵
        
        PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34875.exe
        5⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
        6⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14853.exe
        7⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        6⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        5⤵
        
        PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56977.exe
        5⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        5⤵
        
        PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
      4⤵
      PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32075.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64914.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17536.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        6⤵
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27414.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
        6⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33503.exe
        5⤵
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62936.exe
        5⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1680.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
        5⤵
        
        PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30684.exe
      4⤵
      PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6641.exe
      4⤵
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
      4⤵
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6373.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21570.exe
        5⤵
        
        PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
      4⤵
      PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59995.exe
      4⤵
      PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61574.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32533.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
      4⤵
      PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27414.exe
      4⤵
      PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
      4⤵
      PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48209.exe
      4⤵
      PID:4336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44439.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44439.exe
    3⤵
    PID:568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29982.exe
    3⤵
    PID:1772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
    3⤵
    PID:3812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
    3⤵
    PID:4808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43140.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29268.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50163.exe
        6⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33503.exe
        5⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22856.exe
        6⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37968.exe
        6⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49318.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        5⤵
        
        PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41110.exe
        5⤵
        
        PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
      4⤵
      PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55183.exe
      4⤵
      PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
      4⤵
      PID:5108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
      4⤵
      Executes dropped EXE
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64758.exe
        5⤵
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
        5⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        5⤵
        
        PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
      4⤵
      Executes dropped EXE
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        5⤵
        
        PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60926.exe
      4⤵
      PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49760.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
      4⤵
      PID:4296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
      4⤵
      PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
      4⤵
      PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe
      4⤵
      PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20623.exe
    3⤵
    PID:2972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38350.exe
    3⤵
    PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
    3⤵
    PID:3960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
    3⤵
    PID:4104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26954.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26954.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26420.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61256.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
        5⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9805.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        5⤵
        
        PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
      4⤵
      PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
      4⤵
      PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
      4⤵
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
      4⤵
      PID:4980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25426.exe
      4⤵
      PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
      4⤵
      PID:4800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
    3⤵
    PID:2624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62749.exe
    3⤵
    PID:3144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
    3⤵
    PID:3108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
    3⤵
    PID:4316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
      4⤵
      PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27414.exe
      4⤵
      PID:1144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
      4⤵
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48209.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33503.exe
    3⤵
    PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
      4⤵
      PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
    3⤵
    PID:3344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64426.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64426.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21484.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13510.exe
    3⤵
    PID:3816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
    3⤵
    PID:4116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
  2⤵
  PID:2040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
  2⤵
  PID:3300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63647.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63647.exe
  2⤵
  PID:3996
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
  2⤵
  PID:4152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe

Filesize
468KB

MD5
c48e55b8c60e881ac5c08c0ce87cb2d2

SHA1
a9ff0bd4f85ddb5e5e0bcf6b78f359c99045f36c

SHA256
ebb9e074b2a3d1ebae1957af1be6412fc4fe786b057ec5a8912133715dd747c4

SHA512
668c69cb653a851b77d08e0764e312b2417a0ab9dd3c9c62854374025a82bfad604365ddf430a8d1c08b5284182d76aefe981361df91d287e023158ee4957373

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe

Filesize
468KB

MD5
89af462d04ed6549b26604364e11e025

SHA1
23f20c5cdc1df9b4e5759673aebbda329cdf1bfe

SHA256
60c78216f72a7f8c0dcdc41ecbb1c2ed3fe8dd14923197918db2b003e4a01c55

SHA512
da9dba3f6decdb04ea240e20d859b47f66c2450e595eff98fb12f2014367a12c8527a964723581be0cfd14b3e0c9c5ffc2b4ca43bf5b88abda2cf1af90ff7fe2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31743.exe

Filesize
468KB

MD5
7003c904cb6ed762103a436e719e6e3a

SHA1
24c9277211b7e35905739bbf54eec07d75ff6298

SHA256
48681df117b31b70131fe694cd3ac8c61c1d3e6c42dff7e7656e2ec665829eb4

SHA512
e3c7abd45107660b5eb96d21867033949166a0e46d890e7b4c37ba432a64fc48f45f476b45737dcd688874ae765360d6c0062aeecb6f894e510fd9bcc510f808

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64914.exe

Filesize
468KB

MD5
2989acf6bd7d99662ff568bbe80535ce

SHA1
2c57c07a9af80ddbdb723a75a924cf518edb08de

SHA256
717be720fa9055f07a658a39ca30f611b355b1cddec0da801fef79d7b162f642

SHA512
345a7af00266b425545e172aadfc93299a96123d73b25be1a0451ed4ac002a3bf235df5d4d8d73fb47fac55168bff9ba9f7e547a93cfc1d5c554dfad4e817831

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe

Filesize
468KB

MD5
c6fc50181a82e977a6123c437c8ca025

SHA1
3eb0fe19814be7b3e06379841e9acee8313408f4

SHA256
bb415037cd6c2bf0f94f437cd5c9ad2414d3b365b0f8d3ee6e4932e9079fdc64

SHA512
9399f02833471d6dd4773fc486d6d84919d09892ea5359b79d3785e360988ff4ad4acf5892e2f59eb95aa023eaf053b376a685b531d8345f1a83ac5e4382bbc8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe

Filesize
468KB

MD5
70024ea67bf76bfd3a8ec671616138f5

SHA1
0b1bbd73a35ac895e3f9d346b804da1896d6d77e

SHA256
bcd5914a1b22d6aef639e37467a7c453495ef265d86e73395019fb0e6acfa63c

SHA512
d0cecc4fae8e6e55e099cb042818c9704e4b3ac013eb528ed21fdd9a6a0b47cc356fe45adcc97c62c1b7cb506d2be3122cfee8e07855cfe8811211d4be736569

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe

Filesize
468KB

MD5
9d74b186a230dc0665052a8a9cf51600

SHA1
7d38cf06fb69e3d6610747aeffa033c0a3b90b6f

SHA256
4104c2b7ca630fd871495e98e863b5d873b772bef4cebf80175f14c53615bad2

SHA512
f8e593e18ea42e099d3dd190248cc273f9f8dd360efbe597af9e69f39faa7a3194494cf05965b4a3e641e644432e291baf4e4909732f45f841eef015baf7fd00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe

Filesize
468KB

MD5
fe49062d502bc9d890f409bb10eebb07

SHA1
cae97cd3b202e9f847a300e5acd38c537a7cbacc

SHA256
ec98e7b088e0d6f915d6a44b912224c24aa9ab4da3b5ea69ff561a259f1667e6

SHA512
5137b3f143555bc0823a1e7779fb2c0f1169bb230987b5ae5c6eb7c22d10d159dfa7dc52c04ad6e037af6589b88d4527aea492be27d2829eee99fc3dbb7a7a64

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26954.exe

Filesize
468KB

MD5
2826dd96075fb6a5c4b72dba16b4ad90

SHA1
9b519dfad198692ef2079bcf778424cb09c9d2b1

SHA256
8718174b025f72b5986914fd3eebd9d9e8aeb02617cca88b732a7334cd73942d

SHA512
bc4d4bd79b0e2b68e77988e763ffea47e406fc78e0a2ac2f7358efb92ee1377bdc32cbdad67c1a3305cbbc07799b7a6017f5895e1e628081825e9c4bb80bd6b8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe

Filesize
468KB

MD5
64f3c7b3436e5658d1be1ea6d07686eb

SHA1
f2bd0b18dfa4ff7afe844db3d3700f5bda9784f4

SHA256
b2f6bbfdf223109513c314e166df0bad9955fa88ed3db527b90c32f06945f5a4

SHA512
e7c2de7d29301d18ad10565147700e70bfdf95f99aecc46c1fd7b6c84a0ce3a16aea1f16c32a8b2742abb4a6e9a92f43d80b854575166a8a79b2e5bedd589b67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe

Filesize
468KB

MD5
5f3dfca593fb25c7f4b126da92172872

SHA1
6fe7f150d51c0e3cc6badb7c5ca395bac17e0c27

SHA256
cd2544579df35fec20272354dd1a1b74d5e312c0794fdcb244276d3bc8025169

SHA512
a26b2f48a694dab6b568d4eddceacf3fda1f58c65c36cc2f43a1d34b70eebd9e7a75e9efc39c6feba33271ab341eed746d65636712047b05599a9d20620db406

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe

Filesize
468KB

MD5
bfa3dafa09e0ecaf5ed5104c558ef7da

SHA1
bef080c60aa5b45f9bfc83dc42888d2aa8b053b6

SHA256
e7265fccfe6d9fcd3a8757e3e52b958f4538eafd211c44c73d4aac2e49ff2305

SHA512
0a142b406ef07a83886cf93648b800ea17d052ba2ccf51e47f1927d2de9af9b5c231aea96cb8e723fcbf8bef704a15ec10dd7dcbcd7d959bc7fe884f35f5578d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe

Filesize
468KB

MD5
8126cd8bf35952a0af14e25c65c8f6a1

SHA1
3f9b5a3b8aff24115f33bd51afae923090322aae

SHA256
63a4ed936b6ec69cf01a5af61fbfa2b1483b3b1265876c4e36d6036a71ffe0d4

SHA512
d0e505c02f195fe3767dfbe17f80030cd214ce96c7d1f52e42c69133833e0c829be2378716f38bcd3622f8ef84e46ca51be017a2e5c01535ca65a4c83212e12f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43140.exe

Filesize
468KB

MD5
d707de6c0e8f7ca03bb68067cea67919

SHA1
d9406b2328f2ef31e078049bc6a64df23476ecec

SHA256
5c3a5974832f4cdd979e763eac04d3b08687a4d49458b6e8d77a8ff9e5cef29e

SHA512
cfcbcdd0b586c3c4fab766c23b14a09ef2423bd237a80226353c2db9b493b1a537348d2dedfce3d0d233a93ca3ca9f8cac9675875c3d4b3d2dffd8f1f3165e52

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe

Filesize
468KB

MD5
ff63571d9e4005525b8d6e42e6720dc2

SHA1
2178ce3c19d177a31684dc73808029ebf208e9a8

SHA256
160798ad726112c8ea3fecd0c797ed9eefa0f32f4bb0feef4551453bb8a8d27d

SHA512
b8069d24c11a82dfd05fdc93828abca7947556731a7757cdb316e134546f90fb5740000a1a9e8f0b2ce17abf48b023636456287f2c6bd31a18229391b6a2629e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe

Filesize
468KB

MD5
3f877bdb9c2b468e2c8fde8409e83937

SHA1
81f38bab8bfa4ce3c24e5698fac7f419b41b627b

SHA256
3d7a021ca0f2c3ecbeb7790f8a4c5cf4ca045b713063f9f1d6b0f9ea6aa6ffd8

SHA512
d70b4c03cafa9cb39f53ae6c50a6d5eced74c1a3b47805d019c626c6b5c0cc73fa2560348f7e92ffab860a733704e6c5d0800af208e057f01518911b9eee2dbf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe

Filesize
468KB

MD5
7f1b62d6d9deeb869376767e9b5e56bd

SHA1
00e3d1a77e7afd2774ddca2e032867056a58a542

SHA256
c78c41f9598035c041d9d52a0179b681a71a0ec083df4c5040aad24c9949dc4d

SHA512
867bac1cf16249a9788f50a9ec9a5fc30e68e087c35ab887aff3ed7d871bb6a3a3c9dba80e8315511ffcd72da253e42284b81471f481645cd0411e125871201a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe

Filesize
468KB

MD5
98ca1278f8705e031457c56ec2d491cd

SHA1
6732229cd951c719663a322f4253708bd3f46fd0

SHA256
8dfd120a059e9004c870a4663bec20c4e5582f3d85db50e292ceb8be377d1c28

SHA512
4277289755f9ca6b77974c84098073d985439ded9cc50a42d0ef1e62883606351a1b558a95b62f6d48654425075553c2ecbca72857c12cf13f3299c466990827

Download Submit