b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 15:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe
Size

468KB
MD5

ac0d8c5582193bff17d8cada4507fee0
SHA1

38dd540ff2e74d77e4825a9725aa136e203e7c28
SHA256

b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285
SHA512

c6225af5f134c7ea6c5b59f5552306174fd33d412051acbed8dae924feefb6e61ec7d56a9190f55db00a8e8fb6382a5ce1c2c6e713fb61cdb2626afa46afd3cc
SSDEEP

3072:1huUogIuIw5UtbYXHzcjrf8/EodCflpC6FH0pVSzwaUknCVz3Qex:1hJo3gUt4H4jrf5j+wwaVCVz3

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2300	Unicorn-23652.exe
2396	Unicorn-61451.exe
2932	Unicorn-553.exe
2868	Unicorn-61809.exe
3048	Unicorn-51228.exe
3052	Unicorn-1472.exe
2668	Unicorn-24122.exe
2296	Unicorn-27020.exe
1708	Unicorn-8114.exe
2628	Unicorn-50630.exe
3020	Unicorn-6225.exe
2244	Unicorn-56760.exe
2956	Unicorn-19812.exe
2472	Unicorn-33002.exe
2192	Unicorn-37060.exe
1372	Unicorn-7917.exe
1768	Unicorn-25540.exe
2364	Unicorn-65442.exe
2388	Unicorn-52620.exe
2412	Unicorn-61550.exe
2160	Unicorn-41684.exe
820	Unicorn-21670.exe
948	Unicorn-21404.exe
1672	Unicorn-37875.exe
560	Unicorn-51611.exe
3064	Unicorn-57741.exe
2636	Unicorn-55119.exe
612	Unicorn-62209.exe
1300	Unicorn-21177.exe
2616	Unicorn-19130.exe
940	Unicorn-26775.exe
332	Unicorn-41296.exe
868	Unicorn-5971.exe
796	Unicorn-14745.exe
1720	Unicorn-54700.exe
2228	Unicorn-38556.exe
2912	Unicorn-55447.exe
1636	Unicorn-70.exe
2060	Unicorn-31518.exe
2848	Unicorn-43216.exe
1660	Unicorn-47227.exe
2716	Unicorn-39324.exe
2800	Unicorn-39324.exe
2264	Unicorn-51555.exe
2272	Unicorn-65290.exe
2644	Unicorn-9090.exe
1236	Unicorn-51638.exe
1744	Unicorn-39023.exe
1732	Unicorn-1233.exe
2724	Unicorn-54021.exe
2968	Unicorn-13942.exe
936	Unicorn-33468.exe
1060	Unicorn-39791.exe
2544	Unicorn-19349.exe
1016	Unicorn-27155.exe
1312	Unicorn-17768.exe
2200	Unicorn-18938.exe
2504	Unicorn-20007.exe
2392	Unicorn-20007.exe
272	Unicorn-19514.exe
1796	Unicorn-24536.exe
2528	Unicorn-12284.exe
2044	Unicorn-1323.exe
340	Unicorn-27258.exe

Loads dropped DLL 64 IoCs

pid	Process
2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe
2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe
2300	Unicorn-23652.exe
2300	Unicorn-23652.exe
2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe
2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe
2396	Unicorn-61451.exe
2396	Unicorn-61451.exe
2300	Unicorn-23652.exe
2300	Unicorn-23652.exe
2932	Unicorn-553.exe
2932	Unicorn-553.exe
2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe
2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe
3048	Unicorn-51228.exe
3048	Unicorn-51228.exe
2300	Unicorn-23652.exe
2396	Unicorn-61451.exe
2396	Unicorn-61451.exe
2300	Unicorn-23652.exe
2868	Unicorn-61809.exe
3052	Unicorn-1472.exe
2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe
2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe
2868	Unicorn-61809.exe
3052	Unicorn-1472.exe
2932	Unicorn-553.exe
2932	Unicorn-553.exe
2668	Unicorn-24122.exe
2668	Unicorn-24122.exe
2296	Unicorn-27020.exe
2296	Unicorn-27020.exe
3048	Unicorn-51228.exe
3048	Unicorn-51228.exe
2244	Unicorn-56760.exe
2244	Unicorn-56760.exe
2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe
2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe
2628	Unicorn-50630.exe
2628	Unicorn-50630.exe
2868	Unicorn-61809.exe
2868	Unicorn-61809.exe
1708	Unicorn-8114.exe
2300	Unicorn-23652.exe
1708	Unicorn-8114.exe
2300	Unicorn-23652.exe
3052	Unicorn-1472.exe
3052	Unicorn-1472.exe
2396	Unicorn-61451.exe
2956	Unicorn-19812.exe
2396	Unicorn-61451.exe
2956	Unicorn-19812.exe
2932	Unicorn-553.exe
2932	Unicorn-553.exe
2192	Unicorn-37060.exe
2192	Unicorn-37060.exe
1372	Unicorn-7917.exe
2668	Unicorn-24122.exe
1372	Unicorn-7917.exe
2668	Unicorn-24122.exe
2296	Unicorn-27020.exe
2296	Unicorn-27020.exe
1768	Unicorn-25540.exe
1768	Unicorn-25540.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-70.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56352.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20341.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe
2300	Unicorn-23652.exe
2396	Unicorn-61451.exe
2932	Unicorn-553.exe
3048	Unicorn-51228.exe
3052	Unicorn-1472.exe
2868	Unicorn-61809.exe
2668	Unicorn-24122.exe
2296	Unicorn-27020.exe
2244	Unicorn-56760.exe
1708	Unicorn-8114.exe
2956	Unicorn-19812.exe
3020	Unicorn-6225.exe
2472	Unicorn-33002.exe
2628	Unicorn-50630.exe
2192	Unicorn-37060.exe
1372	Unicorn-7917.exe
1768	Unicorn-25540.exe
2364	Unicorn-65442.exe
2388	Unicorn-52620.exe
2160	Unicorn-41684.exe
2412	Unicorn-61550.exe
948	Unicorn-21404.exe
820	Unicorn-21670.exe
560	Unicorn-51611.exe
3064	Unicorn-57741.exe
1672	Unicorn-37875.exe
2636	Unicorn-55119.exe
612	Unicorn-62209.exe
1300	Unicorn-21177.exe
2616	Unicorn-19130.exe
940	Unicorn-26775.exe
332	Unicorn-41296.exe
868	Unicorn-5971.exe
796	Unicorn-14745.exe
1720	Unicorn-54700.exe
2912	Unicorn-55447.exe
2228	Unicorn-38556.exe
1636	Unicorn-70.exe
2060	Unicorn-31518.exe
2848	Unicorn-43216.exe
1660	Unicorn-47227.exe
2800	Unicorn-39324.exe
2716	Unicorn-39324.exe
2272	Unicorn-65290.exe
2264	Unicorn-51555.exe
2644	Unicorn-9090.exe
1732	Unicorn-1233.exe
1236	Unicorn-51638.exe
1744	Unicorn-39023.exe
2968	Unicorn-13942.exe
2724	Unicorn-54021.exe
936	Unicorn-33468.exe
2544	Unicorn-19349.exe
1060	Unicorn-39791.exe
1312	Unicorn-17768.exe
1016	Unicorn-27155.exe
2200	Unicorn-18938.exe
2504	Unicorn-20007.exe
2392	Unicorn-20007.exe
1796	Unicorn-24536.exe
1800	Unicorn-16198.exe
272	Unicorn-19514.exe
2100	Unicorn-61869.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2300	2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe	29
PID 2052 wrote to memory of 2300	2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe	29
PID 2052 wrote to memory of 2300	2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe	29
PID 2052 wrote to memory of 2300	2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe	29
PID 2300 wrote to memory of 2396	2300	Unicorn-23652.exe	30
PID 2300 wrote to memory of 2396	2300	Unicorn-23652.exe	30
PID 2300 wrote to memory of 2396	2300	Unicorn-23652.exe	30
PID 2300 wrote to memory of 2396	2300	Unicorn-23652.exe	30
PID 2052 wrote to memory of 2932	2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe	31
PID 2052 wrote to memory of 2932	2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe	31
PID 2052 wrote to memory of 2932	2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe	31
PID 2052 wrote to memory of 2932	2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe	31
PID 2396 wrote to memory of 2868	2396	Unicorn-61451.exe	32
PID 2396 wrote to memory of 2868	2396	Unicorn-61451.exe	32
PID 2396 wrote to memory of 2868	2396	Unicorn-61451.exe	32
PID 2396 wrote to memory of 2868	2396	Unicorn-61451.exe	32
PID 2300 wrote to memory of 3048	2300	Unicorn-23652.exe	33
PID 2300 wrote to memory of 3048	2300	Unicorn-23652.exe	33
PID 2300 wrote to memory of 3048	2300	Unicorn-23652.exe	33
PID 2300 wrote to memory of 3048	2300	Unicorn-23652.exe	33
PID 2932 wrote to memory of 3052	2932	Unicorn-553.exe	34
PID 2932 wrote to memory of 3052	2932	Unicorn-553.exe	34
PID 2932 wrote to memory of 3052	2932	Unicorn-553.exe	34
PID 2932 wrote to memory of 3052	2932	Unicorn-553.exe	34
PID 2052 wrote to memory of 2668	2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe	35
PID 2052 wrote to memory of 2668	2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe	35
PID 2052 wrote to memory of 2668	2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe	35
PID 2052 wrote to memory of 2668	2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe	35
PID 3048 wrote to memory of 2296	3048	Unicorn-51228.exe	36
PID 3048 wrote to memory of 2296	3048	Unicorn-51228.exe	36
PID 3048 wrote to memory of 2296	3048	Unicorn-51228.exe	36
PID 3048 wrote to memory of 2296	3048	Unicorn-51228.exe	36
PID 2396 wrote to memory of 1708	2396	Unicorn-61451.exe	38
PID 2396 wrote to memory of 1708	2396	Unicorn-61451.exe	38
PID 2396 wrote to memory of 1708	2396	Unicorn-61451.exe	38
PID 2396 wrote to memory of 1708	2396	Unicorn-61451.exe	38
PID 2300 wrote to memory of 2628	2300	Unicorn-23652.exe	37
PID 2300 wrote to memory of 2628	2300	Unicorn-23652.exe	37
PID 2300 wrote to memory of 2628	2300	Unicorn-23652.exe	37
PID 2300 wrote to memory of 2628	2300	Unicorn-23652.exe	37
PID 2052 wrote to memory of 3020	2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe	41
PID 2052 wrote to memory of 3020	2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe	41
PID 2052 wrote to memory of 3020	2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe	41
PID 2052 wrote to memory of 3020	2052	b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe	41
PID 3052 wrote to memory of 2956	3052	Unicorn-1472.exe	40
PID 3052 wrote to memory of 2956	3052	Unicorn-1472.exe	40
PID 3052 wrote to memory of 2956	3052	Unicorn-1472.exe	40
PID 3052 wrote to memory of 2956	3052	Unicorn-1472.exe	40
PID 2868 wrote to memory of 2244	2868	Unicorn-61809.exe	39
PID 2868 wrote to memory of 2244	2868	Unicorn-61809.exe	39
PID 2868 wrote to memory of 2244	2868	Unicorn-61809.exe	39
PID 2868 wrote to memory of 2244	2868	Unicorn-61809.exe	39
PID 2932 wrote to memory of 2472	2932	Unicorn-553.exe	42
PID 2932 wrote to memory of 2472	2932	Unicorn-553.exe	42
PID 2932 wrote to memory of 2472	2932	Unicorn-553.exe	42
PID 2932 wrote to memory of 2472	2932	Unicorn-553.exe	42
PID 2668 wrote to memory of 2192	2668	Unicorn-24122.exe	43
PID 2668 wrote to memory of 2192	2668	Unicorn-24122.exe	43
PID 2668 wrote to memory of 2192	2668	Unicorn-24122.exe	43
PID 2668 wrote to memory of 2192	2668	Unicorn-24122.exe	43
PID 2296 wrote to memory of 1372	2296	Unicorn-27020.exe	44
PID 2296 wrote to memory of 1372	2296	Unicorn-27020.exe	44
PID 2296 wrote to memory of 1372	2296	Unicorn-27020.exe	44
PID 2296 wrote to memory of 1372	2296	Unicorn-27020.exe	44

C:\Users\Admin\AppData\Local\Temp\b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe
"C:\Users\Admin\AppData\Local\Temp\b57b5bba36246b9d3be5c7e4a1a4609fb4a72a1f28fe4242a4866125d6b9b285N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23652.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23652.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61809.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38556.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60349.exe
        8⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
        8⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
        7⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        7⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16230.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54267.exe
        7⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
        7⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1323.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8330.exe
        6⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13287.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
        6⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41684.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39324.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
        6⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        6⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        6⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        6⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        6⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51387.exe
        6⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        6⤵
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
        6⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
        6⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
        6⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15408.exe
        5⤵
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7584.exe
        5⤵
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4667.exe
        5⤵
        
        PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21670.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39324.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2352.exe
        7⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        7⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        7⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
        6⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        6⤵
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        6⤵
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        6⤵
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        6⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
        6⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
        6⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
        5⤵
        
        PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        5⤵
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58202.exe
        5⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        5⤵
        
        PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
        6⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26935.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16095.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        6⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
        6⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
        6⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61002.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39171.exe
        6⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
        5⤵
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
        5⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        5⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9903.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
        5⤵
        
        PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47227.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        5⤵
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17261.exe
        5⤵
        
        PID:700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
        5⤵
        
        PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
      4⤵
      PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe
      4⤵
      PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
      4⤵
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
      4⤵
      PID:4920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51228.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21177.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        7⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        7⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
        7⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe
        6⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
        6⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-396.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
        6⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58932.exe
        6⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
        7⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44376.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55836.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        6⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52155.exe
        5⤵
        
        PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28295.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52282.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
        5⤵
        
        PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25540.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
        6⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
        7⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5107.exe
        7⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        6⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
        6⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        6⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        5⤵
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
        5⤵
        
        PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26935.exe
        5⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31471.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
        5⤵
        
        PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
        5⤵
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62186.exe
        5⤵
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
        5⤵
        
        PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
      4⤵
      PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62289.exe
      4⤵
      PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
      4⤵
      PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
      4⤵
      PID:4972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61550.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16529.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        6⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36622.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        5⤵
        
        PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19349.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
        5⤵
        
        PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
        5⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        5⤵
        
        PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
      4⤵
      PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
      4⤵
      PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
      4⤵
      PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
      4⤵
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
      4⤵
      Executes dropped EXE
      PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
      4⤵
      PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
      4⤵
      PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
      4⤵
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14086.exe
      4⤵
      PID:4708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2491.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42999.exe
    3⤵
    PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
    3⤵
    PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
    3⤵
    PID:3344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10507.exe
    3⤵
    PID:3888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40148.exe
    3⤵
    PID:5064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19812.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57741.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26883.exe
        7⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
        7⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe
        7⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
        6⤵
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14559.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29194.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
        6⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21274.exe
        6⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10398.exe
        6⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        6⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
        5⤵
        
        PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16249.exe
        5⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8360.exe
        6⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe
        5⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56352.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21174.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        5⤵
        
        PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44355.exe
      4⤵
      PID:580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
      4⤵
      PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
      4⤵
      PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41283.exe
      4⤵
      PID:4956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
        6⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55984.exe
        6⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29194.exe
        6⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
        6⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        5⤵
        
        PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        5⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39701.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        5⤵
        
        PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61867.exe
        5⤵
        
        PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15408.exe
      4⤵
      PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28772.exe
      4⤵
      PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
      4⤵
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49643.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39023.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
      4⤵
      PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
      4⤵
      PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43089.exe
      4⤵
      PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
      4⤵
      PID:4932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
      4⤵
      PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44376.exe
      4⤵
      PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
      4⤵
      PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
      4⤵
      PID:4356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
    3⤵
    PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62648.exe
      4⤵
      PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
      4⤵
      PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
      4⤵
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31002.exe
      4⤵
      PID:4756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
    3⤵
    PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
    3⤵
    PID:3496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
    3⤵
    PID:3400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
    3⤵
    PID:3320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
    3⤵
    PID:4664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37060.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54267.exe
        5⤵
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42555.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        5⤵
        
        PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21069.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40137.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        5⤵
        
        PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
      4⤵
      PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
      4⤵
      PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52077.exe
      4⤵
      PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17095.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10002.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        5⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe
        5⤵
        
        PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60349.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34698.exe
        5⤵
        
        PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54635.exe
      4⤵
      PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
      4⤵
      PID:4244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55512.exe
    3⤵
    PID:2320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
    3⤵
    PID:2920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62289.exe
    3⤵
    PID:3092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
    3⤵
    PID:3616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
    3⤵
    PID:3856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60644.exe
    3⤵
    PID:4844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5971.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
      4⤵
      PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58111.exe
      4⤵
      PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60349.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42650.exe
      4⤵
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
      4⤵
      PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
      4⤵
      PID:4624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
    3⤵
    PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63976.exe
    3⤵
    PID:2476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41666.exe
    3⤵
    PID:4072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
    3⤵
    PID:3796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8751.exe
    3⤵
    PID:4484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52620.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52620.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54700.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
      4⤵
      PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
      4⤵
      PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
      4⤵
      PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4908.exe
      4⤵
      PID:4868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe
    3⤵
    PID:2092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
    3⤵
    PID:2832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
    3⤵
    PID:3128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
    3⤵
    PID:3700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
    3⤵
    PID:2328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
      4⤵
      PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
      4⤵
      PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9767.exe
      4⤵
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57903.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
      4⤵
      PID:4344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
    3⤵
    PID:2996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51684.exe
    3⤵
    PID:3668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
    3⤵
    PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
    3⤵
    PID:4488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
    3⤵
    PID:4568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
  2⤵
  PID:1536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
  2⤵
  PID:3144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
  2⤵
  PID:3904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
  2⤵
  PID:1384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44804.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44804.exe
  2⤵
  PID:4384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe

Filesize
468KB

MD5
f6bbf4366ca3df41aff935b9bcdd8b7f

SHA1
0b506f9d18419b16184d3a2a0275065b7ac2c83a

SHA256
4802e9e7a16329828ae03aeb5814bd36ec171020d9d6e7e6608c1febd0311e46

SHA512
7bc2a802895b8fb24bb433fab0bdf5946d0bd9cb8dc226521336fdfe26e150fdf86e8fdb13327eecb196287598bda50e4003c96dadaf145a7d9dfbae8d6f4feb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe

Filesize
468KB

MD5
360ae64d012c721074f41c0ec52cd7e3

SHA1
dc54931cdf49874936efa6f086f0b5026f37f9e9

SHA256
da82b764b631692bb6a883457449d42ada0f5366aae86ca25ec1f79a0a784d09

SHA512
2569ee054c77a38efc54faf63d6d66dfa6903c31a77a8abf27ae55d3b505c90b74208ae06cd609e35d46a1b3f064b0d25377166b74965b2c1bcb771e5fcf87a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe

Filesize
468KB

MD5
eba0d8808c7f2a77e14adb34624625b6

SHA1
fb031c7e9b422a2ee721bda0cb20e96cd025faac

SHA256
bce8ee2fbc79f3f48f7c4c0d1712145c155576b791e5ac79e1baf696cb45718d

SHA512
14c7456b8dd80f417f316decffabcbd6e8aee633d15a07089698aace845182c517eab065edeadbb51336facc18c88119876d10f47d1a82d27617da654fa8dc8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe

Filesize
468KB

MD5
9e38ee8076406210f4f5bd9cd358a532

SHA1
a235a21f50def59ac1d9648e420f608f8d89b60e

SHA256
7b19a6d0d40f801a713866f2428a68a9e9f9423638187a850665ec00f06ea904

SHA512
dd204eba63c29b08d877665fd0587726f096cf5033c2d31290c09275c6620b5f042dec352e764056291bceb88e2d63764c6b52454e6c9f23f9ceecf7a13a5359

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19812.exe

Filesize
468KB

MD5
8ef07ff079ddb95ccd8f9737c7a5abfd

SHA1
c03c35058eaab628b966efdef42fb2eb444423d1

SHA256
5a7ac1f91aca60ce90077ccadca49471e74d7920fc98c3877d39775be00aa5bc

SHA512
a2d814709aeb5715f46e5e89f02c2f44db0add4143b023ad4cbd0cd1f9cc39d10d3cee3056150ad476e7c2d8eb4d603a392b2749830c796677894a5f68590385

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23652.exe

Filesize
468KB

MD5
f7622a7a6ac6b12e09ea96eb555e8f58

SHA1
482c2c122a18da41c157653c65fb4f0ee2706c5f

SHA256
43ad16262a234fcd1f28185e8bac482575769a06f1f04461434910d2f510e533

SHA512
634123e525f94d1451eaff2de0e06ad04934311ba932e959d988b9e600823f0339557f3c55f67fbb7310d4a11dfde51b33d4b5f74c5cc62fb4d0d9c873b148f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe

Filesize
468KB

MD5
2d4a9d7c97914a1778112bf1aedc2533

SHA1
4cc7871b3f0267b0f5d3239a669e1c8e1c4f6408

SHA256
ee1c128d1f68c8fcf0b3b2efcc9b01f676170a80851ed01a771d67ac963cf119

SHA512
46f5f1585c48ba70cefb313127f5fbc4bd196df5198f5b30e92d8f70f775ee8629b7c97adbc5db289bb2a1bdc5d3370ca86ae7f62a45683e58ba408f97fd15e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25540.exe

Filesize
468KB

MD5
dce044be45a809548180079c348fcf4b

SHA1
fe699fbcb6573896b5e61ea4eda82eaefd71f80a

SHA256
cdc00bf2edac11d710c7842681d20e613d36b0f43b498b759f126b6fc8440749

SHA512
ce7adff041baf07668365656b1e9c11077e9fbf2ffbbb2782794e3c07cbe20e2225a08f068553d554625f4723d7d878e79262534caaf7ed57b48544472b4fe79

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe

Filesize
468KB

MD5
ef3efe596d87b7787292e7f9568a5e0e

SHA1
aeffab8805b4c5028633d07f284878fe2841676c

SHA256
86de89d54d820ee8e72575e1103854f8d7419350b6e4db4ec302979fd7c4770b

SHA512
0b7a183044ff3c696fb0f7c68f0d11e5de2d0ec24fcb3e789706b3e1ca2aea806965e9d163c88d652ca18594b808f07dc4f5c1a99d4698a21142585a657ae8fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37060.exe

Filesize
468KB

MD5
50c746788d360c0a6c294e6484079a26

SHA1
023aff7ccf3389972d600c46cecc6c55a7c36dab

SHA256
8aa5f1846f4cc4b2101c123d13a2fef879852a118375eeda20b157b12d0d3803

SHA512
6e51a64aa539639de26812498a9757bd770c3c3aac3093dc0d11f1ae6e1af03cc8129f11822735a43a400687ae42111bc9775445cf86673a9f443895f2bef41c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe

Filesize
468KB

MD5
8acd344ff4a3e22480103f9bc3e79c66

SHA1
7385043b6a1d7f71af855055f83cf52b23d5d1d6

SHA256
b9fc077901d082ffb80e13f7f5855c249bc5b10904d57661118b4ba9aa001801

SHA512
43cba9b1ee0c11167ee364a59806bf4618472c5a71e3cba8b00ef2a7d8ab9c512ee27660ca4fc4f64b5286067eac17eb2edbcd69e7379b542efbd5caded6bb0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51228.exe

Filesize
468KB

MD5
791fa0694cfc72d1bcbf4fdfc0fe41fd

SHA1
b68d8379a25491e81a7c1d19ab35c080d6dc1784

SHA256
cb44c779fd62fa0a48f0e7d35763d2c7e63f117681842469035fedd054975e01

SHA512
ecfa051df0e6baec23519d8221c6803fc4d02318abef50ccc0036d9072ff3e8e79e8e7a844606187940ff4412951f7740ab94dcd473dbb06f2675f741af4eb03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-553.exe

Filesize
468KB

MD5
9ea60ab6e1e9a2477acd3dbabd86aad1

SHA1
3c576a63ccbd391c43b386e0415ebd9718369d1f

SHA256
d66706b9a824d264df38a532aa410df531ae78f84283604f05ffa690575b5199

SHA512
45811b5ab8f4af23e4e6ec2f3823757646d270cc2655610690dcb6e2ddbe3051795aff3c817693768ea9352bf094637e45b516984b96c1e67de7baa7d605a778

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61809.exe

Filesize
468KB

MD5
cecaca2facd3216516091c17139c31d0

SHA1
112b7f1c5277c5483b9ea78c8bcb975fcf548bd5

SHA256
e70674e3732e64e171cdc978a840339059d008320c48200747f358cda6f311ce

SHA512
28f5cf184a73cb9f50dc600b14562d0d5971783f9a1edfa4cc9e833a38d7d8b5211183d89cb66b131cea2e68c38aed0b109ce4c813f3d4cdb1fdb823d07f32f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe

Filesize
468KB

MD5
f9a3d8001accc2e337ae68eb57fbe73b

SHA1
177605033386b9d8b4d2bec3a4d6c7cc48e05c5e

SHA256
8aca55ad6f453992981498ec91fba611ad666398075a5e786faa76d571a58295

SHA512
c461223cc1f976d97e9df32361e21f027da64b210a1c614d83eff599aee45af7b5dbbaa0248a2f5710888abbddd230f7afae348b0ce1687e515f780bb82effed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe

Filesize
468KB

MD5
f24d4ec7040fec06f4f9daa37d430e6f

SHA1
669375eeb45ac55da21254b686aea044cb766389

SHA256
646f2697cb4d61c069409750dac7b02502bebb29a2e4eb1613df31675c7b67f2

SHA512
e4e2f38b598a0a3511b524026aa6bd15f8bd4ec5dd05ef6636e002416fb12574b97a774be0f7bd8c937615403dea4a432620a47cbc8f3b4d1ee7f1e77c74be20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe

Filesize
468KB

MD5
414a9c4f833bea48bf678ef2a3b5e8b2

SHA1
f061a31bae5fefc82c60100572c566b5c2ddd9eb

SHA256
4a2dbcf1e6dcc647eb45b3cfbb328372fe12af2ea7932ac67f2cfec947b1e22d

SHA512
5285e97273f28d2b346d2446f427905d3e6be7865575175f5699d9ec3422307ce39b9c5ab7f0196c0d5071d666e129a43dd26df8d1855a04e0d573f190b0e0af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe

Filesize
468KB

MD5
e8f6f0ba40cf092e032d5881ef0e126a

SHA1
72c524d15316e1d7970c2309cd700116e8444541

SHA256
3333115eed374cb18bbb818ecacc99ea7d44b4a635d633f4e25f263d04bb263b

SHA512
8d9c70d755dce12513df3fc467ee05ba0a70baf93fbfd326a3c1f631728a763440d9d1aae8a10d2c773d6d88e41df3d77583598c72320d719a52c404ba00c94b

Download Submit