53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b

Analysis

max time kernel
149s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe
Size

468KB
MD5

5076ffdb7789b4209ef647df4ee4276a
SHA1

433588b13cccaad795f4a71c68fabc7734b02baa
SHA256

53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b
SHA512

f31783f95eb766b90fd4745b68b08caacaaae7f4b2020941baa742bccb79cd664ee3b5b339908970cfcce9d034d5275bd9b5cb1ca3a5c2826dee42130068eb29
SSDEEP

3072:aQoHogIrI05QtbYiHzcOcfr/GChnPmp9nLHehVPkZ2uLBNkgOOlm:aQIoC8QtNH4OcfdmQIZ2Q/kgO

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2596	Unicorn-54325.exe
2916	Unicorn-22613.exe
2948	Unicorn-7900.exe
2180	Unicorn-15003.exe
2816	Unicorn-64304.exe
2812	Unicorn-23826.exe
2924	Unicorn-21134.exe
2540	Unicorn-50573.exe
3004	Unicorn-44086.exe
2332	Unicorn-52419.exe
2996	Unicorn-15570.exe
1784	Unicorn-58549.exe
1516	Unicorn-58549.exe
2460	Unicorn-8533.exe
1660	Unicorn-61242.exe
2352	Unicorn-22260.exe
2216	Unicorn-11731.exe
1964	Unicorn-57418.exe
2412	Unicorn-49058.exe
864	Unicorn-57418.exe
1260	Unicorn-7402.exe
2328	Unicorn-21137.exe
900	Unicorn-3318.exe
820	Unicorn-57994.exe
2000	Unicorn-57994.exe
1800	Unicorn-37382.exe
1788	Unicorn-12420.exe
2552	Unicorn-33197.exe
2764	Unicorn-19462.exe
2072	Unicorn-433.exe
2704	Unicorn-21408.exe
2096	Unicorn-57117.exe
2592	Unicorn-35113.exe
1756	Unicorn-12384.exe
2236	Unicorn-3831.exe
1704	Unicorn-15482.exe
2184	Unicorn-59016.exe
2212	Unicorn-48155.exe
2036	Unicorn-50101.exe
2256	Unicorn-43971.exe
2880	Unicorn-24013.exe
2848	Unicorn-54761.exe
2884	Unicorn-36649.exe
2856	Unicorn-11490.exe
3016	Unicorn-50385.exe
1880	Unicorn-56515.exe
264	Unicorn-17621.exe
1444	Unicorn-7013.exe
2260	Unicorn-52685.exe
1952	Unicorn-62799.exe
668	Unicorn-60661.exe
1152	Unicorn-36156.exe
1548	Unicorn-51746.exe
764	Unicorn-9343.exe
2292	Unicorn-45530.exe
564	Unicorn-9343.exe
2268	Unicorn-60582.exe
1424	Unicorn-25415.exe
2284	Unicorn-31710.exe
1208	Unicorn-4060.exe
1680	Unicorn-4060.exe
1700	Unicorn-14287.exe
2400	Unicorn-42784.exe
1088	Unicorn-24864.exe

Loads dropped DLL 64 IoCs

pid	Process
1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe
1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe
2596	Unicorn-54325.exe
1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe
2596	Unicorn-54325.exe
1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe
1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe
2948	Unicorn-7900.exe
2916	Unicorn-22613.exe
2948	Unicorn-7900.exe
1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe
2916	Unicorn-22613.exe
2596	Unicorn-54325.exe
2596	Unicorn-54325.exe
2180	Unicorn-15003.exe
2180	Unicorn-15003.exe
1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe
1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe
2596	Unicorn-54325.exe
2924	Unicorn-21134.exe
2812	Unicorn-23826.exe
2596	Unicorn-54325.exe
2816	Unicorn-64304.exe
2816	Unicorn-64304.exe
2924	Unicorn-21134.exe
2812	Unicorn-23826.exe
2916	Unicorn-22613.exe
2948	Unicorn-7900.exe
2948	Unicorn-7900.exe
2916	Unicorn-22613.exe
3004	Unicorn-44086.exe
3004	Unicorn-44086.exe
1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe
1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe
1784	Unicorn-58549.exe
1660	Unicorn-61242.exe
2996	Unicorn-15570.exe
1660	Unicorn-61242.exe
2996	Unicorn-15570.exe
1784	Unicorn-58549.exe
2812	Unicorn-23826.exe
2812	Unicorn-23826.exe
2916	Unicorn-22613.exe
2916	Unicorn-22613.exe
2816	Unicorn-64304.exe
2816	Unicorn-64304.exe
2332	Unicorn-52419.exe
2540	Unicorn-50573.exe
2332	Unicorn-52419.exe
2540	Unicorn-50573.exe
2460	Unicorn-8533.exe
2460	Unicorn-8533.exe
2596	Unicorn-54325.exe
2596	Unicorn-54325.exe
2948	Unicorn-7900.exe
2948	Unicorn-7900.exe
2180	Unicorn-15003.exe
2180	Unicorn-15003.exe
1516	Unicorn-58549.exe
1516	Unicorn-58549.exe
2924	Unicorn-21134.exe
2924	Unicorn-21134.exe
2352	Unicorn-22260.exe
2352	Unicorn-22260.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11982.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17345.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe
2596	Unicorn-54325.exe
2916	Unicorn-22613.exe
2948	Unicorn-7900.exe
2180	Unicorn-15003.exe
2816	Unicorn-64304.exe
2812	Unicorn-23826.exe
2924	Unicorn-21134.exe
3004	Unicorn-44086.exe
2540	Unicorn-50573.exe
1784	Unicorn-58549.exe
2332	Unicorn-52419.exe
1660	Unicorn-61242.exe
2996	Unicorn-15570.exe
1516	Unicorn-58549.exe
2460	Unicorn-8533.exe
2352	Unicorn-22260.exe
2216	Unicorn-11731.exe
864	Unicorn-57418.exe
1964	Unicorn-57418.exe
1260	Unicorn-7402.exe
2000	Unicorn-57994.exe
900	Unicorn-3318.exe
1800	Unicorn-37382.exe
2412	Unicorn-49058.exe
2328	Unicorn-21137.exe
820	Unicorn-57994.exe
2764	Unicorn-19462.exe
2072	Unicorn-433.exe
2704	Unicorn-21408.exe
1788	Unicorn-12420.exe
2552	Unicorn-33197.exe
2096	Unicorn-57117.exe
2592	Unicorn-35113.exe
1756	Unicorn-12384.exe
2236	Unicorn-3831.exe
2184	Unicorn-59016.exe
2212	Unicorn-48155.exe
1704	Unicorn-15482.exe
2036	Unicorn-50101.exe
2256	Unicorn-43971.exe
2884	Unicorn-36649.exe
264	Unicorn-17621.exe
2880	Unicorn-24013.exe
2856	Unicorn-11490.exe
2848	Unicorn-54761.exe
1880	Unicorn-56515.exe
1952	Unicorn-62799.exe
2260	Unicorn-52685.exe
3016	Unicorn-50385.exe
1444	Unicorn-7013.exe
668	Unicorn-60661.exe
1548	Unicorn-51746.exe
1152	Unicorn-36156.exe
1424	Unicorn-25415.exe
2284	Unicorn-31710.exe
764	Unicorn-9343.exe
564	Unicorn-9343.exe
2292	Unicorn-45530.exe
2268	Unicorn-60582.exe
1208	Unicorn-4060.exe
1680	Unicorn-4060.exe
1700	Unicorn-14287.exe
2400	Unicorn-42784.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2596	1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe	30
PID 1736 wrote to memory of 2596	1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe	30
PID 1736 wrote to memory of 2596	1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe	30
PID 1736 wrote to memory of 2596	1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe	30
PID 2596 wrote to memory of 2916	2596	Unicorn-54325.exe	31
PID 2596 wrote to memory of 2916	2596	Unicorn-54325.exe	31
PID 2596 wrote to memory of 2916	2596	Unicorn-54325.exe	31
PID 2596 wrote to memory of 2916	2596	Unicorn-54325.exe	31
PID 1736 wrote to memory of 2948	1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe	32
PID 1736 wrote to memory of 2948	1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe	32
PID 1736 wrote to memory of 2948	1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe	32
PID 1736 wrote to memory of 2948	1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe	32
PID 2948 wrote to memory of 2816	2948	Unicorn-7900.exe	33
PID 2948 wrote to memory of 2816	2948	Unicorn-7900.exe	33
PID 2948 wrote to memory of 2816	2948	Unicorn-7900.exe	33
PID 2948 wrote to memory of 2816	2948	Unicorn-7900.exe	33
PID 1736 wrote to memory of 2180	1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe	34
PID 1736 wrote to memory of 2180	1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe	34
PID 1736 wrote to memory of 2180	1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe	34
PID 1736 wrote to memory of 2180	1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe	34
PID 2916 wrote to memory of 2924	2916	Unicorn-22613.exe	35
PID 2916 wrote to memory of 2924	2916	Unicorn-22613.exe	35
PID 2916 wrote to memory of 2924	2916	Unicorn-22613.exe	35
PID 2916 wrote to memory of 2924	2916	Unicorn-22613.exe	35
PID 2596 wrote to memory of 2812	2596	Unicorn-54325.exe	36
PID 2596 wrote to memory of 2812	2596	Unicorn-54325.exe	36
PID 2596 wrote to memory of 2812	2596	Unicorn-54325.exe	36
PID 2596 wrote to memory of 2812	2596	Unicorn-54325.exe	36
PID 2180 wrote to memory of 2540	2180	Unicorn-15003.exe	37
PID 2180 wrote to memory of 2540	2180	Unicorn-15003.exe	37
PID 2180 wrote to memory of 2540	2180	Unicorn-15003.exe	37
PID 2180 wrote to memory of 2540	2180	Unicorn-15003.exe	37
PID 1736 wrote to memory of 3004	1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe	38
PID 1736 wrote to memory of 3004	1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe	38
PID 1736 wrote to memory of 3004	1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe	38
PID 1736 wrote to memory of 3004	1736	53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe	38
PID 2596 wrote to memory of 2332	2596	Unicorn-54325.exe	39
PID 2596 wrote to memory of 2332	2596	Unicorn-54325.exe	39
PID 2596 wrote to memory of 2332	2596	Unicorn-54325.exe	39
PID 2596 wrote to memory of 2332	2596	Unicorn-54325.exe	39
PID 2816 wrote to memory of 2996	2816	Unicorn-64304.exe	42
PID 2816 wrote to memory of 2996	2816	Unicorn-64304.exe	42
PID 2816 wrote to memory of 2996	2816	Unicorn-64304.exe	42
PID 2816 wrote to memory of 2996	2816	Unicorn-64304.exe	42
PID 2924 wrote to memory of 1516	2924	Unicorn-21134.exe	40
PID 2924 wrote to memory of 1516	2924	Unicorn-21134.exe	40
PID 2924 wrote to memory of 1516	2924	Unicorn-21134.exe	40
PID 2924 wrote to memory of 1516	2924	Unicorn-21134.exe	40
PID 2812 wrote to memory of 1784	2812	Unicorn-23826.exe	41
PID 2812 wrote to memory of 1784	2812	Unicorn-23826.exe	41
PID 2812 wrote to memory of 1784	2812	Unicorn-23826.exe	41
PID 2812 wrote to memory of 1784	2812	Unicorn-23826.exe	41
PID 2948 wrote to memory of 2460	2948	Unicorn-7900.exe	44
PID 2948 wrote to memory of 2460	2948	Unicorn-7900.exe	44
PID 2948 wrote to memory of 2460	2948	Unicorn-7900.exe	44
PID 2948 wrote to memory of 2460	2948	Unicorn-7900.exe	44
PID 2916 wrote to memory of 1660	2916	Unicorn-22613.exe	43
PID 2916 wrote to memory of 1660	2916	Unicorn-22613.exe	43
PID 2916 wrote to memory of 1660	2916	Unicorn-22613.exe	43
PID 2916 wrote to memory of 1660	2916	Unicorn-22613.exe	43
PID 3004 wrote to memory of 2352	3004	Unicorn-44086.exe	45
PID 3004 wrote to memory of 2352	3004	Unicorn-44086.exe	45
PID 3004 wrote to memory of 2352	3004	Unicorn-44086.exe	45
PID 3004 wrote to memory of 2352	3004	Unicorn-44086.exe	45

C:\Users\Admin\AppData\Local\Temp\53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe
"C:\Users\Admin\AppData\Local\Temp\53729bc9b2247f208cc867178d31236f5942b9e7398c7f097223d9d73d047e3b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21134.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58549.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-433.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4060.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
        8⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34467.exe
        8⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1533.exe
        8⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25283.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        7⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        7⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        7⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52685.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
        7⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42288.exe
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55906.exe
        7⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18379.exe
        6⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe
        6⤵
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        6⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        6⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        6⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61855.exe
        6⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21408.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15058.exe
        7⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21110.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13712.exe
        7⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        7⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52155.exe
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        6⤵
        
        PID:680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
        6⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19802.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        6⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53749.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        6⤵
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14287.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        6⤵
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        6⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
        6⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        6⤵
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41901.exe
        6⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
        5⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        5⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7044.exe
        5⤵
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        5⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2194.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
        7⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
        7⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27904.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        7⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13484.exe
        7⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
        7⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        6⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
        6⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        6⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe
        6⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39061.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61825.exe
        6⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
        6⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        6⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        6⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54153.exe
        6⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        5⤵
        
        PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54142.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7044.exe
        5⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        5⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18366.exe
        5⤵
        
        PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        5⤵
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17946.exe
        6⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13232.exe
        6⤵
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31319.exe
        6⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48090.exe
        5⤵
        
        PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        5⤵
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
        5⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
        5⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        5⤵
        
        PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
      4⤵
      PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12814.exe
      4⤵
      PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
      4⤵
      PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
      4⤵
      PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
      4⤵
      PID:5836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23826.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58549.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4060.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59928.exe
        7⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2974.exe
        7⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14378.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19828.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
        6⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        6⤵
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62799.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
        6⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5682.exe
        6⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        6⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1803.exe
        6⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48832.exe
        5⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
        5⤵
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        5⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23671.exe
        5⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49633.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
        5⤵
        
        PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7402.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20501.exe
        6⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21338.exe
        6⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42389.exe
        6⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
        6⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        5⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48101.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10140.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
        6⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6293.exe
        5⤵
        
        PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51406.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        5⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60582.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        5⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29020.exe
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
      4⤵
      PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
      4⤵
      PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
      4⤵
      PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
      4⤵
      PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
      4⤵
      PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
        6⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        6⤵
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        6⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10962.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        6⤵
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23769.exe
        5⤵
        
        PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        5⤵
        
        PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36156.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
        5⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
        5⤵
        
        PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7529.exe
        5⤵
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28384.exe
      4⤵
      PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
      4⤵
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61855.exe
      4⤵
      PID:5900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        5⤵
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54359.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13712.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
        5⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        5⤵
        
        PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe
      4⤵
      PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
      4⤵
      PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25273.exe
      4⤵
      PID:3772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2703.exe
      4⤵
      PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43365.exe
      4⤵
      PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
      4⤵
      PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61855.exe
      4⤵
      PID:5940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
      4⤵
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
      4⤵
      PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
      4⤵
      PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe
      4⤵
      PID:5432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
    3⤵
    PID:1992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19861.exe
    3⤵
    PID:1052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
    3⤵
    PID:3348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
    3⤵
    PID:4020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
    3⤵
    PID:4128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
    3⤵
    PID:4956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20118.exe
    3⤵
    PID:5964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49058.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35418.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        7⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27904.exe
        7⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28964.exe
        7⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21582.exe
        6⤵
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44970.exe
        6⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        6⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        6⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47710.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
        6⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24864.exe
        5⤵
        Executes dropped EXE
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45310.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
        5⤵
        
        PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5062.exe
        5⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
        5⤵
        
        PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20120.exe
        6⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
        6⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17680.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16844.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47236.exe
        6⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11851.exe
        5⤵
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20884.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        5⤵
        
        PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43971.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57182.exe
        5⤵
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14208.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16689.exe
        5⤵
        
        PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        5⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        5⤵
        
        PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
      4⤵
      PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9057.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
      4⤵
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
      4⤵
      PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
      4⤵
      PID:5956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8533.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
        6⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49751.exe
        6⤵
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22038.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
        6⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        6⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53352.exe
        5⤵
        
        PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50624.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
        5⤵
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
        5⤵
        
        PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
        5⤵
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4515.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36180.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52922.exe
        6⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2700.exe
        6⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        5⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
        5⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        5⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        5⤵
        
        PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
      4⤵
      PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59797.exe
      4⤵
      PID:1236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10753.exe
      4⤵
      PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
      4⤵
      PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
      4⤵
      PID:5164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5682.exe
        5⤵
        
        PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
        5⤵
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59434.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        5⤵
        
        PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
      4⤵
      PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56942.exe
      4⤵
      PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26593.exe
      4⤵
      PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5353.exe
      4⤵
      PID:5692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
      4⤵
      PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42724.exe
      4⤵
      PID:5544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
    3⤵
    PID:612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2796.exe
    3⤵
    PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
    3⤵
    PID:3732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe
    3⤵
    PID:4448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44404.exe
    3⤵
    PID:4784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
    3⤵
    PID:5972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15003.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15003.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36631.exe
        6⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22131.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
        6⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64636.exe
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41901.exe
        6⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28000.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
        5⤵
        
        PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe
        5⤵
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49587.exe
        5⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45539.exe
        5⤵
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61855.exe
        5⤵
        
        PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe
        5⤵
        
        PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        5⤵
        
        PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
      4⤵
      PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17716.exe
      4⤵
      PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7868.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2703.exe
      4⤵
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
      4⤵
      PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
      4⤵
      PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7202.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37413.exe
        5⤵
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        5⤵
        
        PID:452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10962.exe
        5⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        5⤵
        
        PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
      4⤵
      PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
      4⤵
      PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19802.exe
      4⤵
      PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13297.exe
      4⤵
      PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
      4⤵
      PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51631.exe
      4⤵
      PID:5200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
      4⤵
      PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
      4⤵
      PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
      4⤵
      PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18138.exe
      4⤵
      PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54966.exe
      4⤵
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
      4⤵
      PID:5844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
    3⤵
    PID:2792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63115.exe
    3⤵
    PID:3384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56820.exe
    3⤵
    PID:3216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16499.exe
    3⤵
    PID:4716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
    3⤵
    PID:4336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
    3⤵
    PID:5980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22260.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57117.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54761.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
        6⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe
        6⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27904.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14706.exe
        6⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44211.exe
        6⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15742.exe
        6⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
        5⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16533.exe
        5⤵
        
        PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        5⤵
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32945.exe
        5⤵
        
        PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        5⤵
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30680.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        5⤵
        
        PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
      4⤵
      PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2703.exe
      4⤵
      PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10241.exe
      4⤵
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
      4⤵
      PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
      4⤵
      PID:4752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
      4⤵
      PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43077.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
      4⤵
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
      4⤵
      PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41254.exe
      4⤵
      PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57644.exe
      4⤵
      PID:5784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
      4⤵
      PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
      4⤵
      PID:5388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
    3⤵
    PID:2972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63680.exe
    3⤵
    PID:1628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56971.exe
    3⤵
    PID:3800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
    3⤵
    PID:4380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
    3⤵
    PID:4768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
    3⤵
    PID:5868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10770.exe
      4⤵
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29020.exe
        5⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        5⤵
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
      4⤵
      PID:1320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
      4⤵
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe
      4⤵
      PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
      4⤵
      PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49384.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
    3⤵
    PID:2824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
    3⤵
    PID:1808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40524.exe
    3⤵
    PID:3432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
    3⤵
    PID:4080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
    3⤵
    PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41901.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
    3⤵
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35226.exe
      4⤵
      PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18790.exe
      4⤵
      PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63486.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
      4⤵
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
      4⤵
      PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10962.exe
      4⤵
      PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
      4⤵
      PID:6036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56201.exe
    3⤵
    PID:1708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
    3⤵
    PID:872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
    3⤵
    PID:4424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
    3⤵
    PID:5212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33164.exe
    3⤵
    PID:6096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
  2⤵
  PID:2024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
  2⤵
  PID:3648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
  2⤵
  PID:3848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23690.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23690.exe
  2⤵
  PID:4636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17819.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17819.exe
  2⤵
  PID:4252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
  2⤵
  PID:6028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15003.exe

Filesize
468KB

MD5
d0f68f859c5848a66c04ef793d5dadba

SHA1
0c3a64b75c3bb81ec09e0c0c660a737fa1e26c89

SHA256
be203a04354bab1f89996b987b16010e81b7bfb66c2448fad6a35a01b699b9fd

SHA512
ed85556cdf6692b2fd478bd6d39c113ea7175044359fe010a4c9929289ed0f54ccfa6a3eea2ddb1e9220bd584619151439905a5e589a0fb477ba1fd389f8008e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe

Filesize
468KB

MD5
fb78c442d7f8e8a9b2e8af55e4391d32

SHA1
e6cf94122577cf45d1a6d7fe1f703366e0f5c4b4

SHA256
c50ec5e5557235d38eff6d8c63d3936914bb3c4a0d1d7488d74d564116388441

SHA512
3a4d6906740fcfcd450928992fc319b756effd712f109667e990a10d28a5e67206f50125a79ce44122224dcf43584ba2b240fbb4c3ff26d0c68d531c52b12fb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe

Filesize
468KB

MD5
35a44008358023924f61023376199c71

SHA1
56a2cb68d18aa42f4b0407416b1eb549585f84fc

SHA256
ec96666660203e2c10eae6e238268711469180a3742de618eee723e650550819

SHA512
031489fe88aa7d70c5a90ef1cf2071e1a219edc6a42184dc3428849622a3f20e04fe9a132292336f01d8ab7e7194c005570321612f7760698eb269fba8ac45cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23690.exe

Filesize
468KB

MD5
b172b8cd5feddbad6f0536f0ae82fe7d

SHA1
5f625482d5a8aa97585604725b09a98b79cc84b8

SHA256
7971b081946293a47b3a745fe2b3e6088cba500316fa1aea27f6e9b5d73bf512

SHA512
b7d14bcbf04078314471cef5dfd957bc6416dfa38250542b5212ad42e7aac780de6cfe022c7139efc56a19bec7e9b0b4264257d2366c1b1b4d1e2fc3ba5bfb56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23826.exe

Filesize
468KB

MD5
d716ca4fb1b72843207c99b376909a66

SHA1
a35c0c99c7b8520212ac9d3fd56cf5ddc2ed4b9c

SHA256
cf9e1a14cf7c520fc31a1e86415ec97f22dff77ef358beeb024cf5b46224f915

SHA512
4566b615e76acec2d276d6eee11416f79bf91e49366b90804c072cdb5349c205e563cdcaaae9d13f80f058d209c394c4f81ef386fc8032708e9b7f2bf0921e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe

Filesize
468KB

MD5
6bff486440d847671647888b12b63670

SHA1
f5142e784d49f4c60b4183cf15a8f9557558dccc

SHA256
dfa4c1e33f91b44b4a77e862fc2ff5c33671f28647f2cc3cfc0e1d758e1ba1a8

SHA512
79c7e43969856152a00eeac6cb87c459ec2278a3941b38e8e2fe4cd5778029fa048c8ea98aa5ff4d9bc9adbae8e286207c71ceccf44e58f349d71320a5708647

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58549.exe

Filesize
468KB

MD5
2f57fcecf731b447b8e4ec65e4156fc9

SHA1
f954de2a0269e29b55e01b6d3845b5a66c776b77

SHA256
591b7fb37ebffabf93f1ec478d983f1293557aef70e4a148cf9f94b980518701

SHA512
4eacc6c1544918a5a768c0f42b05de5e745f446c1aea6b1a4b17810152f99e6d157faa5a79b6c73c804b1c09cbc6f5acc95cd0053a84a080df8397d45a9f1ecc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe

Filesize
468KB

MD5
19e569d71b96f78981a640dc64f1faf6

SHA1
e09e6c92572a5f5d6eb64ae9bfe15d1416a527ea

SHA256
4c7cbb773bf83fd315e6c27252c1605f2e292ec75fdd0f5f3e69b5c7453bbce0

SHA512
d7672c311078bce05ba13d95ee439512785bddc7a8aa4addc8ffded62bf8c9c5abaf601ea26f54095c4c81342e366d49a012a64ce8bba85ee199a6cd5841a315

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21134.exe

Filesize
468KB

MD5
d7067f698eb5755ab0fc9e67cac0247b

SHA1
78cb0c95f467af454ae52f17c7eaf707e8531907

SHA256
67432f1546c9c364987fabd52fe433f2118636e70a8102b23c25bc00e552c375

SHA512
bb4e6ac5bcf7e00c7f421024305f2f76c5cc4febd5876fdb739c8efaae3ca598067669b4be3475e1c8d4694e531a66d851af7bfbdf227171d089b41b13f1061c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22260.exe

Filesize
468KB

MD5
22b7c271ac7f4b20ae651dd46bfc819e

SHA1
b1f3880bf308753074eaf1753452c2107db05c79

SHA256
9864c60e26d319d14bacfcf5bba4c80c33f642b2c0bbb4c28bc9842dc1a47283

SHA512
af3944738f363d449f5d2ac717e21a1345dcb302773b586ae81520850631bfc3b317be8b4c983434c97b29eef60745a736dafcb6f9fba77ce27d3021c2b766b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe

Filesize
468KB

MD5
e7a511d2277dec78861ecf8d9ef58c45

SHA1
6a57356833e421d9c70b85b8bc030843c9a5431b

SHA256
4d0744b1520b153bd01e6b5dff53ba987644186039ae6dfb77d5305c0a264216

SHA512
9359a9864ad1be6023d766a8cef3b8512bb3edc051ba9b6e4f4d2feeea2c8a15256e2e121a7529061dec5347bb83aa8ebb67b7c40f8c42f2dd47c41b730c7400

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe

Filesize
468KB

MD5
7bea93b23c9a0239d298e65869785964

SHA1
8cf89016f9d434f3063b8e1b876c9de58978c3e1

SHA256
830c4f4e5a67c336bb3d17a503810a1b996b6c12a644e96ebac50c5f7ddcc369

SHA512
b17f04a73246f683fc0441b2405f61e01258dea0276aefd7f82d3ea3efafd7c38586cb4fffcc2848f378db259bddad8df822b39f898043ff1f06fe9f4ff5b9ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe

Filesize
468KB

MD5
982248612859f4705017895d1e114f5e

SHA1
9d96e8cb3fbb5bf08278489f5c25df7003d60179

SHA256
a87022e42c891d4e250354081a14a955bdd474c435e1e1e6a7d29ac118b549cf

SHA512
0b7413dd3733463a0f139e7eb4a506c0ae7b99328eb92f44e425d0882763549a4c5487132cdf62950acc466dac092f6b91c70b3be028db4f1a5955a9f152a3b8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe

Filesize
468KB

MD5
ee1943e4019c810a52ac6a12ffd847a7

SHA1
20f9c5cc5fc8b1dd01123d3ed3bfaf76d5acfbc9

SHA256
b0f4fbb4a70e7ccffe328ce6fd93eba19d2ead7dbf76556dcadc109d764fbe8f

SHA512
bf47c5f52ce8b5f2c37a2bd30f766fc252699c25636e059059938baec1d0a686261a728a0e5a619c23984215547717945b5b49a572e79ab47b7eee63bd57d6d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57418.exe

Filesize
468KB

MD5
95fcee9e860b4f4ff6599bb51656dc3a

SHA1
7ebd602d87c8400cb26c121358423eaaa6644904

SHA256
2271b5f5429caa90518967c40fa9479c032ecd6f47991e7e945fe6440b2903c1

SHA512
1f6a15401092d8346aba0dccf6a143605d71c273bd7b34ccdeda3040229beb5ea0da369b635945c5650c6135dd230dcef403a13ae29d2a0dd4704a51c2814f21

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe

Filesize
468KB

MD5
80b2855cb2a31db0a6dd4f86b6495ed9

SHA1
41e9e9067585be5bf4a386db3625b7594bd6a20e

SHA256
47d9d1725b07b756d51fbc56603e1c66771ff6e6117fe92c33efbd4b3439dddd

SHA512
73890cd508b692f053907e6dfdf689d153ec6a129dbd905fb033f3b4328f83417eff3b87ea1f432d97a8da630e82d4eecddac14c370873f55ee0d723c0c7bbb2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe

Filesize
468KB

MD5
93e831a347f122924860bad27ea4cc04

SHA1
20a2aeb18140114bc0934524a7937bb473fd42ad

SHA256
edcb2bcb73afa687a7575581ebdeb801de762973f7f06ed072dffbb780e6d7ee

SHA512
173a8f8729a95b3af22ec97d0b7d75befafd6c7865e3e4172528323f02c32611ff684e811774d3057d10d0226df7c79759aaad8be7fe9aec20e8fcdb36ca6e16

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe

Filesize
468KB

MD5
9636def5afbb5583071457e3de1c0222

SHA1
7c6245f9ce80ee0dd7859c03593fc7d9aa4dae7c

SHA256
9fc9329ec2824b5f79271097e59350f57e88dfda2d3d53d932dc54ef3a17c69a

SHA512
a63acfe1a8c0794b8c5552a5282ff482fbfcb434afe11a677f8da9228d629cc18fb216f8d18ba37566ef9720541a97bcbd5d3a191e2d5a6da34ac1a791ef8915

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8533.exe

Filesize
468KB

MD5
fdaac8f3143cf8556332f038b985fbb9

SHA1
1ce1d84b610e100dedc925c438eb48b0f822a406

SHA256
1bbd6c6cd8d41c3c700834482081399fd11db6d3e3f5b00d8df5e31acf9f2ea3

SHA512
2356f7c6f74e6e3aefc4cda191c899bdd3e46a5724ff66bbbb43e84262d7945a1e172d07cea41ede1bc1bcb437ccf3344c95f530cba4f7a9bf7e62d7bd1aba32

Download Submit