6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835

Analysis

max time kernel
120s
max time network
20s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
11-10-2024 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe
Size

468KB
MD5

d9ad59d0f294a16409142c841bfce800
SHA1

48697ffb277af9edb11f0968af2d7122f45abd46
SHA256

6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835
SHA512

170410472679b3382c39d8075cac3e667b0d4d1130d0070a7085ec2a4b6acb98e42dd7a847622b82d31ce0ce145d4066ac5ca61ac3e8f72eec848d70d7a0a378
SSDEEP

3072:4belogxaIU57tbYZPzcfmbfD/n2DnsIH/QmyeQVqvL5PkkiTux0lt:4b4oCc7tCP4fmbfra1fL5c7Tux

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2448	Unicorn-54626.exe
2804	Unicorn-26181.exe
2732	Unicorn-14291.exe
2928	Unicorn-49206.exe
2704	Unicorn-16433.exe
2668	Unicorn-49761.exe
2608	Unicorn-61458.exe
872	Unicorn-43067.exe
432	Unicorn-35453.exe
2836	Unicorn-41240.exe
1296	Unicorn-55319.exe
1992	Unicorn-36029.exe
2220	Unicorn-49765.exe
340	Unicorn-29253.exe
2240	Unicorn-55895.exe
2068	Unicorn-48879.exe
1928	Unicorn-25727.exe
2108	Unicorn-40964.exe
1516	Unicorn-34188.exe
708	Unicorn-8292.exe
1852	Unicorn-13767.exe
1772	Unicorn-59439.exe
828	Unicorn-56554.exe
1080	Unicorn-27966.exe
1528	Unicorn-19035.exe
1228	Unicorn-39953.exe
1404	Unicorn-13575.exe
2364	Unicorn-42256.exe
2368	Unicorn-53601.exe
1664	Unicorn-20182.exe
2000	Unicorn-59631.exe
2244	Unicorn-18392.exe
2316	Unicorn-8012.exe
2736	Unicorn-45418.exe
2796	Unicorn-1048.exe
2708	Unicorn-34811.exe
2856	Unicorn-28132.exe
2916	Unicorn-52901.exe
2412	Unicorn-16145.exe
3052	Unicorn-10014.exe
2756	Unicorn-20229.exe
2664	Unicorn-10498.exe
272	Unicorn-63875.exe
952	Unicorn-50140.exe
1028	Unicorn-12999.exe
1956	Unicorn-2138.exe
2944	Unicorn-36949.exe
2632	Unicorn-6798.exe
1784	Unicorn-52470.exe
548	Unicorn-60175.exe
812	Unicorn-9299.exe
2432	Unicorn-6606.exe
2352	Unicorn-44731.exe
2120	Unicorn-51723.exe
2092	Unicorn-20997.exe
1288	Unicorn-25556.exe
2176	Unicorn-25556.exe
2480	Unicorn-22756.exe
976	Unicorn-31687.exe
1700	Unicorn-42377.exe
1940	Unicorn-5983.exe
1848	Unicorn-45392.exe
1248	Unicorn-7628.exe
1332	Unicorn-9403.exe

Loads dropped DLL 64 IoCs

pid	Process
844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe
844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe
2448	Unicorn-54626.exe
2448	Unicorn-54626.exe
844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe
844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe
2732	Unicorn-14291.exe
2732	Unicorn-14291.exe
844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe
844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe
2804	Unicorn-26181.exe
2448	Unicorn-54626.exe
2804	Unicorn-26181.exe
2448	Unicorn-54626.exe
2928	Unicorn-49206.exe
2732	Unicorn-14291.exe
2928	Unicorn-49206.exe
2732	Unicorn-14291.exe
2704	Unicorn-16433.exe
844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe
2704	Unicorn-16433.exe
844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe
2804	Unicorn-26181.exe
2804	Unicorn-26181.exe
2448	Unicorn-54626.exe
2668	Unicorn-49761.exe
2608	Unicorn-61458.exe
2668	Unicorn-49761.exe
2448	Unicorn-54626.exe
2608	Unicorn-61458.exe
432	Unicorn-35453.exe
432	Unicorn-35453.exe
2732	Unicorn-14291.exe
2732	Unicorn-14291.exe
2608	Unicorn-61458.exe
2608	Unicorn-61458.exe
1296	Unicorn-55319.exe
1296	Unicorn-55319.exe
2704	Unicorn-16433.exe
2704	Unicorn-16433.exe
2836	Unicorn-41240.exe
2836	Unicorn-41240.exe
2668	Unicorn-49761.exe
2668	Unicorn-49761.exe
2220	Unicorn-49765.exe
2220	Unicorn-49765.exe
1992	Unicorn-36029.exe
1992	Unicorn-36029.exe
844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe
844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe
2448	Unicorn-54626.exe
2448	Unicorn-54626.exe
872	Unicorn-43067.exe
872	Unicorn-43067.exe
2804	Unicorn-26181.exe
2804	Unicorn-26181.exe
2928	Unicorn-49206.exe
2928	Unicorn-49206.exe
2068	Unicorn-48879.exe
2068	Unicorn-48879.exe
432	Unicorn-35453.exe
432	Unicorn-35453.exe
1928	Unicorn-25727.exe
1928	Unicorn-25727.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33746.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16493.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11927.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11348.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe
2448	Unicorn-54626.exe
2804	Unicorn-26181.exe
2732	Unicorn-14291.exe
2928	Unicorn-49206.exe
2704	Unicorn-16433.exe
2608	Unicorn-61458.exe
2668	Unicorn-49761.exe
432	Unicorn-35453.exe
2836	Unicorn-41240.exe
2240	Unicorn-55895.exe
2220	Unicorn-49765.exe
872	Unicorn-43067.exe
1296	Unicorn-55319.exe
340	Unicorn-29253.exe
1992	Unicorn-36029.exe
2068	Unicorn-48879.exe
1928	Unicorn-25727.exe
2108	Unicorn-40964.exe
1516	Unicorn-34188.exe
708	Unicorn-8292.exe
828	Unicorn-56554.exe
1852	Unicorn-13767.exe
1772	Unicorn-59439.exe
1080	Unicorn-27966.exe
1528	Unicorn-19035.exe
1228	Unicorn-39953.exe
1404	Unicorn-13575.exe
2364	Unicorn-42256.exe
2368	Unicorn-53601.exe
1664	Unicorn-20182.exe
2000	Unicorn-59631.exe
2244	Unicorn-18392.exe
2316	Unicorn-8012.exe
2736	Unicorn-45418.exe
2796	Unicorn-1048.exe
2856	Unicorn-28132.exe
2708	Unicorn-34811.exe
2916	Unicorn-52901.exe
3052	Unicorn-10014.exe
2412	Unicorn-16145.exe
2756	Unicorn-20229.exe
2664	Unicorn-10498.exe
272	Unicorn-63875.exe
952	Unicorn-50140.exe
1028	Unicorn-12999.exe
2944	Unicorn-36949.exe
1956	Unicorn-2138.exe
2632	Unicorn-6798.exe
548	Unicorn-60175.exe
812	Unicorn-9299.exe
2432	Unicorn-6606.exe
1784	Unicorn-52470.exe
2352	Unicorn-44731.exe
2480	Unicorn-22756.exe
1288	Unicorn-25556.exe
2120	Unicorn-51723.exe
2092	Unicorn-20997.exe
976	Unicorn-31687.exe
2176	Unicorn-25556.exe
1940	Unicorn-5983.exe
1700	Unicorn-42377.exe
1848	Unicorn-45392.exe
1248	Unicorn-7628.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 2448	844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe	30
PID 844 wrote to memory of 2448	844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe	30
PID 844 wrote to memory of 2448	844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe	30
PID 844 wrote to memory of 2448	844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe	30
PID 2448 wrote to memory of 2804	2448	Unicorn-54626.exe	31
PID 2448 wrote to memory of 2804	2448	Unicorn-54626.exe	31
PID 2448 wrote to memory of 2804	2448	Unicorn-54626.exe	31
PID 2448 wrote to memory of 2804	2448	Unicorn-54626.exe	31
PID 844 wrote to memory of 2732	844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe	32
PID 844 wrote to memory of 2732	844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe	32
PID 844 wrote to memory of 2732	844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe	32
PID 844 wrote to memory of 2732	844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe	32
PID 2732 wrote to memory of 2928	2732	Unicorn-14291.exe	33
PID 2732 wrote to memory of 2928	2732	Unicorn-14291.exe	33
PID 2732 wrote to memory of 2928	2732	Unicorn-14291.exe	33
PID 2732 wrote to memory of 2928	2732	Unicorn-14291.exe	33
PID 844 wrote to memory of 2704	844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe	34
PID 844 wrote to memory of 2704	844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe	34
PID 844 wrote to memory of 2704	844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe	34
PID 844 wrote to memory of 2704	844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe	34
PID 2804 wrote to memory of 2608	2804	Unicorn-26181.exe	35
PID 2804 wrote to memory of 2608	2804	Unicorn-26181.exe	35
PID 2804 wrote to memory of 2608	2804	Unicorn-26181.exe	35
PID 2804 wrote to memory of 2608	2804	Unicorn-26181.exe	35
PID 2448 wrote to memory of 2668	2448	Unicorn-54626.exe	36
PID 2448 wrote to memory of 2668	2448	Unicorn-54626.exe	36
PID 2448 wrote to memory of 2668	2448	Unicorn-54626.exe	36
PID 2448 wrote to memory of 2668	2448	Unicorn-54626.exe	36
PID 2928 wrote to memory of 872	2928	Unicorn-49206.exe	37
PID 2928 wrote to memory of 872	2928	Unicorn-49206.exe	37
PID 2928 wrote to memory of 872	2928	Unicorn-49206.exe	37
PID 2928 wrote to memory of 872	2928	Unicorn-49206.exe	37
PID 2732 wrote to memory of 432	2732	Unicorn-14291.exe	38
PID 2732 wrote to memory of 432	2732	Unicorn-14291.exe	38
PID 2732 wrote to memory of 432	2732	Unicorn-14291.exe	38
PID 2732 wrote to memory of 432	2732	Unicorn-14291.exe	38
PID 2704 wrote to memory of 1296	2704	Unicorn-16433.exe	39
PID 2704 wrote to memory of 1296	2704	Unicorn-16433.exe	39
PID 2704 wrote to memory of 1296	2704	Unicorn-16433.exe	39
PID 2704 wrote to memory of 1296	2704	Unicorn-16433.exe	39
PID 844 wrote to memory of 2836	844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe	40
PID 844 wrote to memory of 2836	844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe	40
PID 844 wrote to memory of 2836	844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe	40
PID 844 wrote to memory of 2836	844	6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe	40
PID 2804 wrote to memory of 1992	2804	Unicorn-26181.exe	41
PID 2804 wrote to memory of 1992	2804	Unicorn-26181.exe	41
PID 2804 wrote to memory of 1992	2804	Unicorn-26181.exe	41
PID 2804 wrote to memory of 1992	2804	Unicorn-26181.exe	41
PID 2668 wrote to memory of 340	2668	Unicorn-49761.exe	43
PID 2668 wrote to memory of 340	2668	Unicorn-49761.exe	43
PID 2668 wrote to memory of 340	2668	Unicorn-49761.exe	43
PID 2668 wrote to memory of 340	2668	Unicorn-49761.exe	43
PID 2448 wrote to memory of 2220	2448	Unicorn-54626.exe	42
PID 2448 wrote to memory of 2220	2448	Unicorn-54626.exe	42
PID 2448 wrote to memory of 2220	2448	Unicorn-54626.exe	42
PID 2448 wrote to memory of 2220	2448	Unicorn-54626.exe	42
PID 2608 wrote to memory of 2240	2608	Unicorn-61458.exe	44
PID 2608 wrote to memory of 2240	2608	Unicorn-61458.exe	44
PID 2608 wrote to memory of 2240	2608	Unicorn-61458.exe	44
PID 2608 wrote to memory of 2240	2608	Unicorn-61458.exe	44
PID 432 wrote to memory of 2068	432	Unicorn-35453.exe	45
PID 432 wrote to memory of 2068	432	Unicorn-35453.exe	45
PID 432 wrote to memory of 2068	432	Unicorn-35453.exe	45
PID 432 wrote to memory of 2068	432	Unicorn-35453.exe	45

C:\Users\Admin\AppData\Local\Temp\6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe
"C:\Users\Admin\AppData\Local\Temp\6f7b1dfcfb66587fb531b1202b9b207bc1e4a2df2e4303d5ae460b7a57323835N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54626.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54626.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61458.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16145.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        7⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57936.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46159.exe
        6⤵
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        6⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15516.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52107.exe
        6⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
        6⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
        6⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        6⤵
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        5⤵
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        5⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50905.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
        5⤵
        
        PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27966.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
        7⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        7⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
        6⤵
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50545.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43027.exe
        6⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52470.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
        6⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25677.exe
        6⤵
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3664.exe
        6⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        5⤵
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52024.exe
        5⤵
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5786.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        6⤵
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        6⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        5⤵
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59926.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        5⤵
        
        PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28132.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
        6⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        5⤵
        
        PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6218.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63622.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61066.exe
        5⤵
        
        PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48112.exe
      4⤵
      PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14524.exe
      4⤵
      PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
      4⤵
      PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53821.exe
      4⤵
      PID:4412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49761.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28833.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36564.exe
        6⤵
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34617.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
        6⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
        6⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
        5⤵
        
        PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31817.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10674.exe
        5⤵
        
        PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42559.exe
        5⤵
        
        PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe
      4⤵
      PID:108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
      4⤵
      PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6748.exe
      4⤵
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60843.exe
      4⤵
      PID:4368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56554.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        6⤵
        
        PID:600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        6⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        6⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        6⤵
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38214.exe
        6⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
        6⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63622.exe
        6⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61066.exe
        6⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        5⤵
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39725.exe
        5⤵
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
        5⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe
        5⤵
        
        PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5786.exe
        5⤵
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52107.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36100.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        5⤵
        
        PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9770.exe
      4⤵
      PID:776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-830.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
      4⤵
      PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
      4⤵
      PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
      4⤵
      PID:4884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39953.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15150.exe
      4⤵
      PID:4384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
    3⤵
    PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14524.exe
    3⤵
    PID:2208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
    3⤵
    PID:3472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53821.exe
    3⤵
    PID:4420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
    3⤵
    PID:4944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14291.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14291.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49206.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43067.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15516.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
        7⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32011.exe
        7⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35121.exe
        6⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
        6⤵
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44079.exe
        6⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41206.exe
        6⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9299.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26887.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36564.exe
        6⤵
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22365.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
        6⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
        6⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62884.exe
        5⤵
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17420.exe
        6⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe
        6⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64852.exe
        5⤵
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53601.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42377.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        6⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        6⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        6⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        6⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5983.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
        6⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
        5⤵
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45290.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10014.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
        5⤵
        
        PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
        5⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        5⤵
        
        PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
      4⤵
      PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57218.exe
      4⤵
      PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30013.exe
      4⤵
      PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
      4⤵
      PID:4188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48879.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20182.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
        6⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        6⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        6⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        6⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        5⤵
        
        PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
        5⤵
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
        5⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45290.exe
        5⤵
        
        PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59631.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31687.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39035.exe
        6⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        6⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        6⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49704.exe
        5⤵
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50375.exe
        5⤵
        
        PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        5⤵
        
        PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47971.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        5⤵
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
        5⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61066.exe
        5⤵
        
        PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21110.exe
      4⤵
      PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
      4⤵
      PID:972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe
      4⤵
      PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
      4⤵
      PID:4768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18392.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46819.exe
        5⤵
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        5⤵
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        5⤵
        
        PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64094.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
      4⤵
      PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
      4⤵
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
      4⤵
      PID:4132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20997.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49274.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21930.exe
      4⤵
      PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11348.exe
      4⤵
      PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42124.exe
      4⤵
      PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50812.exe
      4⤵
      PID:4664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21568.exe
      4⤵
      PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe
      4⤵
      PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
      4⤵
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
      4⤵
      PID:4536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
    3⤵
    PID:880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
    3⤵
    PID:3084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
    3⤵
    PID:3636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-874.exe
    3⤵
    PID:3760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
    3⤵
    PID:4756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34188.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        6⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        7⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        7⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
        6⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
        6⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
        6⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24239.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
        5⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
        5⤵
        
        PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1048.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
        5⤵
        Executes dropped EXE
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
        6⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        6⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
        6⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        5⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52107.exe
        5⤵
        
        PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11825.exe
      4⤵
      PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe
      4⤵
      PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
      4⤵
      PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15282.exe
      4⤵
      PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
      4⤵
      PID:4180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8292.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
        5⤵
        
        PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1883.exe
        5⤵
        
        PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46159.exe
      4⤵
      PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
      4⤵
      PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
      4⤵
      PID:4260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60175.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16834.exe
    3⤵
    PID:1412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
    3⤵
    PID:848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
    3⤵
    PID:2360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
    3⤵
    PID:4704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41240.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41240.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5786.exe
        5⤵
        
        PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
        5⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        5⤵
        
        PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
      4⤵
      PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
      4⤵
      PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13352.exe
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
      4⤵
      PID:4168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39035.exe
      4⤵
      PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
      4⤵
      PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
      4⤵
      PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38148.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43816.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
    3⤵
    PID:2868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43582.exe
    3⤵
    PID:3496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
    3⤵
    PID:3268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6606.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
      4⤵
      PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65241.exe
      4⤵
      PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
      4⤵
      PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65150.exe
      4⤵
      PID:4628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
    3⤵
    PID:1696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11348.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
    3⤵
    PID:3748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16477.exe
    3⤵
    PID:616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65241.exe
    3⤵
    PID:3040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
    3⤵
    PID:3832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
    3⤵
    PID:4244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
  2⤵
  PID:620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63344.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63344.exe
  2⤵
  PID:2968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
  2⤵
  PID:3396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30286.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30286.exe
  2⤵
  PID:4280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31358.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31358.exe
  2⤵
  PID:4784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe

Filesize
468KB

MD5
67d4a652b48eab130b4540a3d127fc78

SHA1
c4dccae2dbb95f99aaa4dec56dcd28a429e95c2d

SHA256
5f27d1eeb26e35ae802f6c8655bee50208bcb0fded1d6f455c1a7b4d1865b90b

SHA512
de25fbb5923c39873d30aa90ce5096042c20e13703298a86324feda738afce246a717830d6b0e2c4fbda6516462d2b66dd3718ecde8ebc0d4fca5b801da0c748

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe

Filesize
468KB

MD5
3bc7f5529e831e3011037dfbd5ee9081

SHA1
70545418c8aa761ece2572373d6d154805a5ad3a

SHA256
976a755188cba9d6255c59c49d4390701802bfe420f0816e410ad30f31c2fe04

SHA512
d9aded659f6b13def35aae6a869b139615200b9dcf49bf5867af92eae4783eb90bc6872776c5e8a34eb099dbab726957ad83a4bb9cb2fff71654a4e0a14fcd0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49761.exe

Filesize
468KB

MD5
9177bd88d5230ac578bb10a54dd6318a

SHA1
8882e8f8396a6947eb3cb37a65a0c36918fc3dfc

SHA256
69ec462353eceb658d8db9044788d90434aacf38c5e03c0069e91f9a1724ebbf

SHA512
9021b09cfc438ab784cf0af888d5467cc0d248f155a22864fdfdcef14c4479c033a37980996979ac3b1f4d37de67fefa750eb0ead6565122aafc98af2cf4b6f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6748.exe

Filesize
468KB

MD5
6533b521fb851cacb2d3556bbedad3d2

SHA1
6583f66bae262d2d17f1c485e620fbc91220eccf

SHA256
4caec29c8bcf3529a80fd4717f0dbf9fb1757ab83ecec6e1fe63d05fa6b433a3

SHA512
976fb03d3beceeffff9f8fedfa7895c72b41ddcbc0722c860567de7c26546246cf020b8a8996dc1283543b15f52dc28bbbe9268b04878f6928afa3faafdd98fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14291.exe

Filesize
468KB

MD5
c6d7dd2351190ca021925738c435547d

SHA1
ce4d5f132f6ad0758fdfa62f5265bf34d999a7e5

SHA256
ae7136f4f43a191fece906835292951751c0ca1f67d30413b1bf3135fb917e6b

SHA512
915aa690741f3f4d787b0f240cc7a11069efa1ede4ff6cfecfcbe00c070ba8ee5cdc9398a172e73cd6a3a6c263dfb0a9fd4a164e4aafcf6bf828b280d72b32ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe

Filesize
468KB

MD5
59e2964d1448e3b2eed891ba75012ff4

SHA1
f31063502f244ba5d96585daeae583d890acad4f

SHA256
e3a007d68e764cebc04f4e09cfb95fdf5a2ebc3d41374468b11e98962808bf65

SHA512
9a392f61d3c250d1c1419c3d75449e7be61039dc71c88543311a97a5c4d82a60a747f81bafa8dcf65d648b519de6c03f38dfce1a232ec49b551e139205188c49

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe

Filesize
468KB

MD5
1631b6f72b7b2198bd2e9b6e2ec4c335

SHA1
031d10769a44574df90c36665ee2b26636aad9a9

SHA256
034f5212c0d0f7458671bd6b60036c12bec61f9fe0e0527ba983097963e5ce93

SHA512
49436557bc3fb49df94741fc485502f3f9935019df9423945e5e8ac69d099a2d1d58cdce5185890ed9b22dceeedb72a1048144b3530fb32454e3725bbd5664ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe

Filesize
468KB

MD5
a0a04f277da8c611e7972fba42cc5161

SHA1
4f5b7f46f3c83a7ae94a05cfa00780c4c928201e

SHA256
12366968f3c51410da8330e84026bb990507e5e5bfbfb2082112f7d82a8fb417

SHA512
f0d42b09345d87f49f715ce4a47d5635457be4dfc1fd47bfc46ebffd39a8337b7d216391721c050ef2042700a08bb54940f78341ca306161646bca6f69b92bd5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe

Filesize
468KB

MD5
b63443eb392d60d8a8a8cbc8657a1b37

SHA1
e5054cfeb53c8dbaf2d3174ce1b194e2534639b6

SHA256
e2879d47ec207f943278ef7b36b68a92083694b2e8a00b20fbfa94851ce778f6

SHA512
2d2cb440347d04f3a99e51ed4133284679bb8e9f79aeb408c76da0609693614f2113268bea5ff8a36d5992169ee4af9bc516228fbcc2ed6e8dd4bb0394ad30d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe

Filesize
468KB

MD5
e9f97d394458275ad4f09f4bf7e300de

SHA1
c1af8dde95f01d644218554706a439d34f23b2c4

SHA256
7a75e9e297e9b02d3c2780a1cfb6c57ae308da790e077c23ab4eaf7b64b2761f

SHA512
d60539009256841aa966226fcc8bd0e96ff64bcf23d41c27c42a6fdd72b3c0f8fe90288f0065f25ce9a45beddb34b56f1fa165235408e99c19fbcde6b2dbca54

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41240.exe

Filesize
468KB

MD5
e40d294966759e87a69a48d21092d847

SHA1
75b954d8eeb4d66608a5bfc8002553000e3f91e6

SHA256
b1b36cd642030b6b6cdfbb754d53552c21f1d0b265a20a6e028305535225b45c

SHA512
57fa6364f0c9c47ead4175fd0dcbdac3bdc050d6f42d8b820c03f7d1bfcf3f2b25cc0c5c5e84891cb5a30a736b31cd3a6b9add941831c1a40a42e7ba1d1b33dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43067.exe

Filesize
468KB

MD5
7a8afbb260db6816a67a3a240d700051

SHA1
d6ec510c3aa74c56124b8f61639a6295530b5c4c

SHA256
868a1f7c8bb1707b964b6d3198e75f736fff601fe0aa8c8acc50e062e12379db

SHA512
1a1989b850aeaddb2674892b2b4ffe0d5d068dcd721d113bdc7c179ae3969875b07345d02b50356cd8213bd9ba25ebf095c3e5ed6b0a3502af9c08d6dbafe582

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48879.exe

Filesize
468KB

MD5
be3b481d12c1bb51c455bba795033abb

SHA1
4a704594467b398dddaacb12ddac0da3badc292f

SHA256
0f74450103660d7cbd9f7a7df0f27a728c37bbcf94e5f0d7754325cef123b077

SHA512
9df7d1f4e774b6314c291d04f7fe8661dd587d4ceb8a1ec70e2ba860dce8fd93079c1291a6c76ffff651459a0b3d072068abc40a71a37f54ed83b9a5d33fc7c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49206.exe

Filesize
468KB

MD5
bddb0cf2891c07a07b522f2a36c86a9b

SHA1
a7361389a7c1afc06e422134019374e4a0c96575

SHA256
0c7bbff16fd679bffa01a5a03daac0e9f7dbf60d3b22aec3b2fd3a4413c3a268

SHA512
dd370fe07b536f0140d7ee0331e310aebfa5ba574b84d777753297f712d3dc3ad8968162349e0ed39f0dabb29cd50db37908c697f1bd7901e155a3eda1b102dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe

Filesize
468KB

MD5
27eb0e76e5b526d028aa3a87864f824d

SHA1
c6f196098f947e0ac4347a1327cf9c9359e3143a

SHA256
9aa1a578d5be86a06955aff6fe46288d109aa56d2b83880abb4cedb8c74aa1fa

SHA512
63827c0c8b3e8679dd4feea9854318848ab5a3aba724117e4ba41dad48acd44d0492a11fc7aef51d4eed0da5d0d621ae4e84fb22a765837f666401304c522373

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54626.exe

Filesize
468KB

MD5
c4eb73f33793ef070fe4066fec101719

SHA1
ecabeb80efcce14b879a87424530e8639a9bfb92

SHA256
9e5103bf89e16f5f3a2967c0fa70f6ce8664f4899c218c2068ce630fccf73ca0

SHA512
25ebf6dfbd9b6ac6ac4db96c2907a8f368acfe9652552de709dbabf1e0ecd44981c422620d680344dbf167d24c60cf5692f48fffdb39284743415e6a837d408a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe

Filesize
468KB

MD5
7a83de21920549261042a75058fdbe88

SHA1
81b7ffc27d9d7742af86a2e0ef9b2628ca52b3e5

SHA256
b9b13b0923f4801667a3c936d550102a86afdcdd696bab443971a4fd97db529d

SHA512
684c42fe067b8da31f31a968ab571bad6a366cbc23fafb05379f965c472badf7a0d7e5f9e44b9fa285069b5dce4689678fcf5363137a8c5f57e39dbbaf1478cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe

Filesize
468KB

MD5
93776cc17e58e920c6448108a36750df

SHA1
e8524cf81f7792fa17e87a28ef4d0b156fe7625f

SHA256
ca93cf420c2b57dfbb30efd6fed94fb1c87e3a99554853d43ccff3351599ccec

SHA512
5ad8daafd925a6c46b8f484ca13269f6ed013cbe075280df49851148326486b3d686af27b5bdf88737d85969662efd77da19f2cd4e4c74c7f0ac3e58548834c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61458.exe

Filesize
468KB

MD5
223cd79e75c28b8e65b4b3db350a4446

SHA1
3a60359b370821917efd16690edc906c2b806eaf

SHA256
0697d9909bc2427ee9bc718c1d59949f59c9a5f9090e819e6b00ed7f4e3fc8cd

SHA512
41fa901123411286a728b21fa2b1f5ca9be5f61453852f01cac9ef42abd751375058bc7ceec456603ba52d600bb95ab8cb91fed3ef0b86325da85da2896330c3

Download Submit