1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58

Analysis

max time kernel
119s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe
Size

468KB
MD5

5a1f95413c46808679da13759c8af2a0
SHA1

5a33ebd889fa0d9402853956a1854a6fbe8dd8bf
SHA256

1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58
SHA512

d6030b144e16f775f4f51d996e37b1a67029e876279bddd9821d909c4a425814156f353045a617dfd7c8e5bce422ea18fc2d6ebe9981499f5b6139e1e8027560
SSDEEP

3072:4belogxaIU57tbYZPzcfmbfD/n2DnsIH/QmyeQVoAu5Kkkx3u30lj:4b4oCc7tCP4fmbfra1eu5Do3u3

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2324	Unicorn-18619.exe
1900	Unicorn-55395.exe
2252	Unicorn-4035.exe
2888	Unicorn-48485.exe
2880	Unicorn-1339.exe
2708	Unicorn-28405.exe
2616	Unicorn-14670.exe
2636	Unicorn-45791.exe
2568	Unicorn-11556.exe
568	Unicorn-43347.exe
1720	Unicorn-20805.exe
1712	Unicorn-26936.exe
2872	Unicorn-7070.exe
2580	Unicorn-26671.exe
1744	Unicorn-24792.exe
2820	Unicorn-23893.exe
2972	Unicorn-14796.exe
2116	Unicorn-40701.exe
1716	Unicorn-34662.exe
408	Unicorn-56416.exe
2576	Unicorn-24922.exe
636	Unicorn-30960.exe
108	Unicorn-58964.exe
2316	Unicorn-64989.exe
2064	Unicorn-27334.exe
1200	Unicorn-40818.exe
1680	Unicorn-49748.exe
1992	Unicorn-49483.exe
1468	Unicorn-38574.exe
1600	Unicorn-60416.exe
1812	Unicorn-4814.exe
2548	Unicorn-55650.exe
3060	Unicorn-33100.exe
1496	Unicorn-40933.exe
3064	Unicorn-40933.exe
2544	Unicorn-21342.exe
596	Unicorn-56480.exe
2328	Unicorn-63211.exe
2868	Unicorn-50366.exe
2932	Unicorn-16310.exe
2628	Unicorn-6583.exe
2764	Unicorn-41136.exe
2896	Unicorn-38067.exe
2756	Unicorn-63533.exe
1648	Unicorn-18334.exe
2612	Unicorn-18334.exe
1556	Unicorn-42895.exe
376	Unicorn-23818.exe
1504	Unicorn-23818.exe
2128	Unicorn-25895.exe
1996	Unicorn-50721.exe
2148	Unicorn-41791.exe
1620	Unicorn-50721.exe
1348	Unicorn-50721.exe
872	Unicorn-48121.exe
2832	Unicorn-32691.exe
2788	Unicorn-18956.exe
644	Unicorn-50991.exe
2984	Unicorn-56071.exe
2208	Unicorn-24918.exe
3032	Unicorn-52032.exe
832	Unicorn-3978.exe
1640	Unicorn-24210.exe
3044	Unicorn-60299.exe

Loads dropped DLL 64 IoCs

pid	Process
2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe
2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe
2324	Unicorn-18619.exe
2324	Unicorn-18619.exe
2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe
2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe
2252	Unicorn-4035.exe
2252	Unicorn-4035.exe
1900	Unicorn-55395.exe
1900	Unicorn-55395.exe
2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe
2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe
2324	Unicorn-18619.exe
2324	Unicorn-18619.exe
2888	Unicorn-48485.exe
2888	Unicorn-48485.exe
2252	Unicorn-4035.exe
2252	Unicorn-4035.exe
2708	Unicorn-28405.exe
2708	Unicorn-28405.exe
2324	Unicorn-18619.exe
2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe
1900	Unicorn-55395.exe
2616	Unicorn-14670.exe
2324	Unicorn-18619.exe
2616	Unicorn-14670.exe
2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe
1900	Unicorn-55395.exe
2636	Unicorn-45791.exe
2636	Unicorn-45791.exe
2888	Unicorn-48485.exe
2888	Unicorn-48485.exe
2880	Unicorn-1339.exe
2880	Unicorn-1339.exe
2252	Unicorn-4035.exe
2252	Unicorn-4035.exe
2568	Unicorn-11556.exe
2568	Unicorn-11556.exe
2872	Unicorn-7070.exe
2872	Unicorn-7070.exe
1712	Unicorn-26936.exe
1712	Unicorn-26936.exe
1900	Unicorn-55395.exe
1900	Unicorn-55395.exe
1720	Unicorn-20805.exe
2580	Unicorn-26671.exe
1720	Unicorn-20805.exe
2580	Unicorn-26671.exe
2616	Unicorn-14670.exe
2616	Unicorn-14670.exe
2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe
568	Unicorn-43347.exe
2324	Unicorn-18619.exe
2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe
568	Unicorn-43347.exe
2324	Unicorn-18619.exe
2708	Unicorn-28405.exe
2708	Unicorn-28405.exe
1744	Unicorn-24792.exe
1744	Unicorn-24792.exe
2636	Unicorn-45791.exe
2636	Unicorn-45791.exe
2820	Unicorn-23893.exe
2820	Unicorn-23893.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49278.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-914.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe
2324	Unicorn-18619.exe
2252	Unicorn-4035.exe
1900	Unicorn-55395.exe
2888	Unicorn-48485.exe
2880	Unicorn-1339.exe
2616	Unicorn-14670.exe
2708	Unicorn-28405.exe
2636	Unicorn-45791.exe
2568	Unicorn-11556.exe
568	Unicorn-43347.exe
2872	Unicorn-7070.exe
1720	Unicorn-20805.exe
1712	Unicorn-26936.exe
2580	Unicorn-26671.exe
1744	Unicorn-24792.exe
2820	Unicorn-23893.exe
1716	Unicorn-34662.exe
2116	Unicorn-40701.exe
2972	Unicorn-14796.exe
2576	Unicorn-24922.exe
408	Unicorn-56416.exe
636	Unicorn-30960.exe
2316	Unicorn-64989.exe
108	Unicorn-58964.exe
2064	Unicorn-27334.exe
1680	Unicorn-49748.exe
1200	Unicorn-40818.exe
1992	Unicorn-49483.exe
1468	Unicorn-38574.exe
1600	Unicorn-60416.exe
1812	Unicorn-4814.exe
2548	Unicorn-55650.exe
3060	Unicorn-33100.exe
1496	Unicorn-40933.exe
3064	Unicorn-40933.exe
2544	Unicorn-21342.exe
596	Unicorn-56480.exe
2328	Unicorn-63211.exe
2868	Unicorn-50366.exe
2628	Unicorn-6583.exe
2932	Unicorn-16310.exe
2764	Unicorn-41136.exe
2756	Unicorn-63533.exe
2896	Unicorn-38067.exe
1648	Unicorn-18334.exe
2612	Unicorn-18334.exe
1556	Unicorn-42895.exe
1504	Unicorn-23818.exe
376	Unicorn-23818.exe
2128	Unicorn-25895.exe
2148	Unicorn-41791.exe
1996	Unicorn-50721.exe
1348	Unicorn-50721.exe
1620	Unicorn-50721.exe
2788	Unicorn-18956.exe
872	Unicorn-48121.exe
2832	Unicorn-32691.exe
644	Unicorn-50991.exe
2984	Unicorn-56071.exe
2208	Unicorn-24918.exe
832	Unicorn-3978.exe
3032	Unicorn-52032.exe
1640	Unicorn-24210.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2324	2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe	30
PID 2520 wrote to memory of 2324	2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe	30
PID 2520 wrote to memory of 2324	2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe	30
PID 2520 wrote to memory of 2324	2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe	30
PID 2324 wrote to memory of 1900	2324	Unicorn-18619.exe	31
PID 2324 wrote to memory of 1900	2324	Unicorn-18619.exe	31
PID 2324 wrote to memory of 1900	2324	Unicorn-18619.exe	31
PID 2324 wrote to memory of 1900	2324	Unicorn-18619.exe	31
PID 2520 wrote to memory of 2252	2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe	32
PID 2520 wrote to memory of 2252	2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe	32
PID 2520 wrote to memory of 2252	2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe	32
PID 2520 wrote to memory of 2252	2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe	32
PID 2252 wrote to memory of 2888	2252	Unicorn-4035.exe	34
PID 2252 wrote to memory of 2888	2252	Unicorn-4035.exe	34
PID 2252 wrote to memory of 2888	2252	Unicorn-4035.exe	34
PID 2252 wrote to memory of 2888	2252	Unicorn-4035.exe	34
PID 1900 wrote to memory of 2880	1900	Unicorn-55395.exe	35
PID 1900 wrote to memory of 2880	1900	Unicorn-55395.exe	35
PID 1900 wrote to memory of 2880	1900	Unicorn-55395.exe	35
PID 1900 wrote to memory of 2880	1900	Unicorn-55395.exe	35
PID 2520 wrote to memory of 2708	2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe	36
PID 2520 wrote to memory of 2708	2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe	36
PID 2520 wrote to memory of 2708	2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe	36
PID 2520 wrote to memory of 2708	2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe	36
PID 2324 wrote to memory of 2616	2324	Unicorn-18619.exe	37
PID 2324 wrote to memory of 2616	2324	Unicorn-18619.exe	37
PID 2324 wrote to memory of 2616	2324	Unicorn-18619.exe	37
PID 2324 wrote to memory of 2616	2324	Unicorn-18619.exe	37
PID 2888 wrote to memory of 2636	2888	Unicorn-48485.exe	38
PID 2888 wrote to memory of 2636	2888	Unicorn-48485.exe	38
PID 2888 wrote to memory of 2636	2888	Unicorn-48485.exe	38
PID 2888 wrote to memory of 2636	2888	Unicorn-48485.exe	38
PID 2252 wrote to memory of 2568	2252	Unicorn-4035.exe	39
PID 2252 wrote to memory of 2568	2252	Unicorn-4035.exe	39
PID 2252 wrote to memory of 2568	2252	Unicorn-4035.exe	39
PID 2252 wrote to memory of 2568	2252	Unicorn-4035.exe	39
PID 2708 wrote to memory of 568	2708	Unicorn-28405.exe	40
PID 2708 wrote to memory of 568	2708	Unicorn-28405.exe	40
PID 2708 wrote to memory of 568	2708	Unicorn-28405.exe	40
PID 2708 wrote to memory of 568	2708	Unicorn-28405.exe	40
PID 2324 wrote to memory of 1720	2324	Unicorn-18619.exe	41
PID 2324 wrote to memory of 1720	2324	Unicorn-18619.exe	41
PID 2324 wrote to memory of 1720	2324	Unicorn-18619.exe	41
PID 2324 wrote to memory of 1720	2324	Unicorn-18619.exe	41
PID 2616 wrote to memory of 1712	2616	Unicorn-14670.exe	44
PID 2616 wrote to memory of 1712	2616	Unicorn-14670.exe	44
PID 2616 wrote to memory of 1712	2616	Unicorn-14670.exe	44
PID 2616 wrote to memory of 1712	2616	Unicorn-14670.exe	44
PID 2520 wrote to memory of 2580	2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe	42
PID 2520 wrote to memory of 2580	2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe	42
PID 2520 wrote to memory of 2580	2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe	42
PID 2520 wrote to memory of 2580	2520	1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe	42
PID 1900 wrote to memory of 2872	1900	Unicorn-55395.exe	43
PID 1900 wrote to memory of 2872	1900	Unicorn-55395.exe	43
PID 1900 wrote to memory of 2872	1900	Unicorn-55395.exe	43
PID 1900 wrote to memory of 2872	1900	Unicorn-55395.exe	43
PID 2636 wrote to memory of 1744	2636	Unicorn-45791.exe	45
PID 2636 wrote to memory of 1744	2636	Unicorn-45791.exe	45
PID 2636 wrote to memory of 1744	2636	Unicorn-45791.exe	45
PID 2636 wrote to memory of 1744	2636	Unicorn-45791.exe	45
PID 2888 wrote to memory of 2820	2888	Unicorn-48485.exe	46
PID 2888 wrote to memory of 2820	2888	Unicorn-48485.exe	46
PID 2888 wrote to memory of 2820	2888	Unicorn-48485.exe	46
PID 2888 wrote to memory of 2820	2888	Unicorn-48485.exe	46

C:\Users\Admin\AppData\Local\Temp\1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe
"C:\Users\Admin\AppData\Local\Temp\1f639cfb6dbc688e0451d9fb208bef773b06fe4bf1b9bba86b514d13bfb4aa58N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18619.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18619.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55395.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1339.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14796.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63211.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        8⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
        7⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        7⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64241.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe
        6⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22393.exe
        7⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
        7⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        7⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        7⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        6⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38958.exe
        6⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        6⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
        7⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        7⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21832.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
        6⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        6⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8050.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60967.exe
        6⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        6⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
        6⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
        5⤵
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37024.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4936.exe
        5⤵
        
        PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7070.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50991.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23628.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38465.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        8⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13305.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        7⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        7⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
        6⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16711.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32964.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        7⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
        6⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        6⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
        6⤵
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
        6⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
        6⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe
        5⤵
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
        5⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63533.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38784.exe
        6⤵
        
        PID:340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        6⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15239.exe
        6⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
        5⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        5⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
        5⤵
        
        PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42895.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
        5⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65038.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
        6⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        6⤵
        
        PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13305.exe
        5⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
        5⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
        5⤵
        
        PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14697.exe
      4⤵
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        5⤵
        
        PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62169.exe
      4⤵
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55251.exe
      4⤵
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
      4⤵
      PID:5832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26936.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24922.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47805.exe
        7⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22409.exe
        8⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
        8⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13305.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50634.exe
        7⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
        6⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        7⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6172.exe
        7⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
        6⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        6⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
        6⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        6⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        7⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        7⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        7⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40772.exe
        6⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        6⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        6⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        5⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
        6⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
        6⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21832.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
        5⤵
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7832.exe
        5⤵
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27334.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50721.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22409.exe
        7⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        7⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20164.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2991.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
        5⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        6⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
        7⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59736.exe
        7⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
        6⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47806.exe
        6⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2929.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        5⤵
        
        PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        5⤵
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42849.exe
        6⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        6⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        5⤵
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        5⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        5⤵
        
        PID:5576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19742.exe
      4⤵
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        5⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22409.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        5⤵
        
        PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
      4⤵
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
      4⤵
      PID:5676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58964.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50721.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
        6⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        7⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        6⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        5⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        6⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
        5⤵
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10060.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        5⤵
        
        PID:5968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        5⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21621.exe
        6⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62371.exe
        6⤵
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46039.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36922.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2459.exe
        5⤵
        
        PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        5⤵
        
        PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
      4⤵
      PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
      4⤵
      PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
      4⤵
      PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
      4⤵
      PID:5784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25895.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
        6⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46039.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
        5⤵
        
        PID:5864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55468.exe
      4⤵
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        5⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
      4⤵
      PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
      4⤵
      PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
      4⤵
      PID:5532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
      4⤵
      PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
      4⤵
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
      4⤵
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
      4⤵
      PID:6012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
    3⤵
    PID:2604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
    3⤵
    PID:3332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
    3⤵
    PID:5072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
    3⤵
    PID:5480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24918.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        8⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25548.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        8⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55189.exe
        8⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11100.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        7⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        7⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52032.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        7⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19756.exe
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15005.exe
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36922.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
        6⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39094.exe
        7⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        6⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        8⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        8⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33000.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        7⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
        7⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        6⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
        6⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
        6⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe
        6⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10818.exe
        6⤵
        
        PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
        5⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
        5⤵
        
        PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60299.exe
        6⤵
        Executes dropped EXE
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
        7⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25548.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        7⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
        6⤵
        
        PID:616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        6⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        6⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
        5⤵
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        6⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        6⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        6⤵
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        5⤵
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44601.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        5⤵
        
        PID:5600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31654.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        6⤵
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25548.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        6⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        6⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        5⤵
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
        5⤵
        
        PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe
      4⤵
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        5⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6172.exe
        5⤵
        
        PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        5⤵
        
        PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40420.exe
      4⤵
      PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-572.exe
      4⤵
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
      4⤵
      PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25523.exe
      4⤵
      PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34662.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40933.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
        6⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
        7⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
        6⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17457.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        6⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
        5⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        6⤵
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6172.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15239.exe
        6⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21832.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
        5⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37453.exe
        5⤵
        
        PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59093.exe
        5⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13909.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        6⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15967.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43610.exe
        5⤵
        
        PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49891.exe
      4⤵
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        5⤵
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
        5⤵
        
        PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
      4⤵
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
      4⤵
      PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
      4⤵
      PID:5876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40701.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40933.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        5⤵
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60519.exe
        6⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        6⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        6⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        5⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
        5⤵
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32696.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18042.exe
        5⤵
        
        PID:348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
      4⤵
      PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
      4⤵
      PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47054.exe
      4⤵
      PID:5504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21342.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
      4⤵
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2836.exe
        5⤵
        
        PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59774.exe
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
      4⤵
      PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
    3⤵
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36396.exe
      4⤵
      PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
      4⤵
      PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
      4⤵
      PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
      4⤵
      PID:5328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
    3⤵
    PID:2236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
    3⤵
    PID:3680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
    3⤵
    PID:4932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
    3⤵
    PID:5184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50721.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
        7⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
        6⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        6⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
        5⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        6⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
        5⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
        5⤵
        
        PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48121.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        5⤵
        
        PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26907.exe
      4⤵
      PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
      4⤵
      PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
      4⤵
      PID:5232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38574.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44257.exe
        5⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        6⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6172.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15239.exe
        6⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29412.exe
        5⤵
        
        PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        5⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        5⤵
        
        PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
      4⤵
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
        5⤵
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        5⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        5⤵
        
        PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3696.exe
      4⤵
      PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
      4⤵
      PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
      4⤵
      PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
      4⤵
      PID:6036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20008.exe
      4⤵
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
        5⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24767.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        5⤵
        
        PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe
      4⤵
      PID:380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56360.exe
      4⤵
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
      4⤵
      PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe
      4⤵
      PID:6060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35127.exe
    3⤵
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42600.exe
      4⤵
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22409.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
      4⤵
      PID:6076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
    3⤵
    PID:3356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
    3⤵
    PID:4592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64989.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15180.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        5⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        5⤵
        
        PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53743.exe
      4⤵
      PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
      4⤵
      PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59379.exe
      4⤵
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41747.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        5⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        5⤵
        
        PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
      4⤵
      PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33703.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34085.exe
      4⤵
      PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
      4⤵
      PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15239.exe
      4⤵
      PID:5212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49085.exe
    3⤵
    PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
    3⤵
    PID:3656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47054.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40818.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40818.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41136.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47781.exe
      4⤵
      PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        5⤵
        
        PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13909.exe
      4⤵
      PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
      4⤵
      PID:5408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
    3⤵
    PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
      4⤵
      PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
      4⤵
      PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
      4⤵
      PID:6096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15967.exe
    3⤵
    PID:3376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
    3⤵
    PID:4544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13651.exe
    3⤵
    PID:5904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
    3⤵
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
      4⤵
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23905.exe
      4⤵
      PID:5216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
    3⤵
    PID:4844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
    3⤵
    PID:5812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
  2⤵
  PID:692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32253.exe
    3⤵
    PID:3928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
    3⤵
    PID:3048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
    3⤵
    PID:6028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
  2⤵
  PID:3828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
  2⤵
  PID:4824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34917.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34917.exe
  2⤵
  PID:5704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1339.exe

Filesize
468KB

MD5
08d0db9e2c9657a05b6c833a52315a62

SHA1
c0724e456a02e0729929706c0ebf495413559d52

SHA256
1046b0368103df005194a3fc79076b62603f917e5ab4bd72973f1b727eceebfa

SHA512
3de64c477b37d1fdc406e905ddd25dc3cd42b044cb2cc4470e83a99a142f78e24a3e684cef0bacc004287ef98adebfe3ac57a990ac30b8c792a661a0d02de9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe

Filesize
468KB

MD5
5d4e613625d98e1039f162376bd93b30

SHA1
f07a2f9d9deb98c8c26a145b2a7931ec2f2d6237

SHA256
53232f763d760f3bac7451c0c7ea9549df18dfcd467540e9f7d07a4f08019357

SHA512
5c83262879d24f2b4d245a47c32817e19e19605fac39175d5ed9ad6e6e26277871465331ac1297eb97dce4a62af1cdfb2fbc9a9b151f00a8f07fd222a0a027b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14796.exe

Filesize
468KB

MD5
ce23c1bad97f0e44d4d91c006b2a1e62

SHA1
0690413b701c03f9a4af7f106eb18185c4716fe3

SHA256
f754305b4b8829b16473af6d9d27fc9d6aae433aa5751a9f1aebf92c9e53ae93

SHA512
c2ab6f9c6890a36dd2bb29e1c21b7aa8ff10309522b4a58cf37ef78a7c12b477e76093db0ce1930bc7049a4fba1c3b687b703662d282ba8556424b059745e3e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe

Filesize
468KB

MD5
a9dca96abb12657e4e50789701c7bca7

SHA1
06346caf79a0f60d6c6908a4a3db4f34722a5c92

SHA256
d1efde5240329f61b1c85b29663c0302968603236fe48c377539b4106a37fb20

SHA512
c363d92e02321ecc730066faa6fce39646b136c6bf5444a0f01856a208fbbfae7461e09f4370b8d31e6b7b309615c78b7f66e603a9df8817e4fd628dd486aa1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26936.exe

Filesize
468KB

MD5
daae601764973524f205deafcae03879

SHA1
e2bd414d31ae95e02de6fb97e2c022a8d878471a

SHA256
2871d16b267f202512fabb22884d766b5631543b3dfc2d158bed6e51db6fa32d

SHA512
5c1eedf6acdcb155701da0e4016d4fde7688f293cbeab1d91ed6593cf6181debaf05a467e40a7bd60570b5dc5c48f855e8f46b30547e5f1aee00d2e7148db71f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe

Filesize
468KB

MD5
2032ff7ff14a3a99b10cde031bfd77c9

SHA1
fb50bf949d307cf064233d82d6306a86383e368b

SHA256
15664d455582fe15e8015ce5ded1592ddf43037a48d96e86077a6fc34b416d0f

SHA512
05bddf74a761dccd1f5cdc370cd54c3b8884a073dcad9436000d11bc50e9ed6bf3de3577369bd82cad1f4e5fd8c6313ebe2e5d4cfb0365df406da3a8ddb1b9bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe

Filesize
468KB

MD5
79d082462d9cdb5ae9cf1a7b17011474

SHA1
5ee911e09bb00766b00464bdae00c9a31484b39e

SHA256
59ac3361a5d784d8af88fa3320ed62fac5c6ccdf40f14be27ee5802ff7f906bb

SHA512
706a11e58457ce1ddb580a42a588d049757f92d953585c52a70869ee0cc5bc0fa5a4618391fa054ba3e819a206ccdd6e404cfae57894e94987e62d11860db3cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe

Filesize
468KB

MD5
18790b85a1c57efee2b9d8f4aba64e30

SHA1
c5c296a730d26d6aed2d4b06a575089afde8a9d3

SHA256
04584a0ae99d695970961221fdfaf4e43c3f988833e97155cb8ec3480bddc94b

SHA512
82503487e923c70d0ae7b079354d8bfd535ad423e6b340376ea84578bc0711b1cca33c540c6c2bce56f9f094e4a3b5ae723773f1ccce6fd79e133b2c303799db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe

Filesize
468KB

MD5
0b1d4a7e78f2fc2f8abfc4282b558fa4

SHA1
9db909893d0edb660670fc8d9dac7ac91a87fc73

SHA256
7c8cc3f4ca239e0ebbf7744ba1c1186b0c952a2a3dce03a17982b17f23820c53

SHA512
4553cf75fd79f29f8eea6de1b5afba4201a8f615085502ff20bdf7ff255df300b7be04976e24e3a7b057d5c8aacb6d038cbf8bdb0a4e9e9cc993cd06939808f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18619.exe

Filesize
468KB

MD5
be64449bebf8a38469de1a76f0fbbaf2

SHA1
818604008940b48c11297fbf0b7df94c4416f66a

SHA256
70f394efe95caeca0fa7ea61ecf78c9d0eb4af62a15a2fd23351f530c2498933

SHA512
834186ac47d8a1639224296ebb0a8b8fdc48389226e7a98f8a97084ca08a02441e86f1d7bce71823c80caba913f6af3bfaffda3abf80ed8151ca930e8ffb9077

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe

Filesize
468KB

MD5
bd1351ad42f8382f27660e81be7d359c

SHA1
e5aeb9c6cef60835b2ad56a304550ce16386c749

SHA256
05f63bde8fb7a611ef7daae0ceb43963808025f63cce082ca3b410f5f8ca2657

SHA512
f45d149c5fb962eaf8add5657733e9ccc93150c90a71598a45ac9d23faa9d8434aa4f007861198fc768d8b4d2fb7967b4e9807a735375f493bd3e266600a0daa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe

Filesize
468KB

MD5
6c6e52b3dae931254cb5b13d56fa784c

SHA1
c22facad7bafb82462753bf069bf84e353fb8b58

SHA256
5a09e0a182a8ccb64aba0477cf6c87067849fbc2b474946a07f88235b29388aa

SHA512
04ff0e90a68da20c6734b64568202a72b15d655097dbdb7622c151338e2eacea2b6c32c8ffcedb0c6f1afde68c92243bbdae5ec8b470bd4c252128dafc13212b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe

Filesize
468KB

MD5
b909ae08d181d407c6b9a434f2cbdb94

SHA1
34af6a78527ea99294916b43168894bcee32d2c1

SHA256
85d85a79d7916e6c3ec3c64670fe1abd0b06182df4a2dba2626e04f723de08fb

SHA512
3fc0d32654ac82dd16e4fc48551b15ff35703b93eae97c3e8fd8caadc0f38a87e4521756209cc8db4fd6ab7ece7f301c4973857296649c4d08685bff2d1bb899

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe

Filesize
468KB

MD5
51ff2c4f3ff5b7856ac1d9c44b0f87f5

SHA1
10cfd52377e51ecf756cecd077e23a501fbf86af

SHA256
b491daf3eb321a4b2db8bde26082a04c94aa2949f59a5140a5162569cb7cbbff

SHA512
570a1799fb2a7b5fb22d243dc2014e6338732b33056cdef6000e5cb6591bf5fd9bc63b88ca926cb447d2bd1bbe2619d85838750c96eaca844cbc46cdd6e01552

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34662.exe

Filesize
468KB

MD5
09574ed0df263c538c11b1a8e45d0ded

SHA1
7fa4adaa30a6b35c10da912009668b944b5e7e24

SHA256
d860275020160fa68d150cfc7acf856c7f8ceacca22a699315f4265a8ccd87b4

SHA512
e0111a8ca636abd32585d4aa868adbc77eccd1d4038d757604581deb92a18dafee3d098199383217ca5059a9ec4f2e7764971a554e162cc12cf578efb89babb8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40701.exe

Filesize
468KB

MD5
652432579cbdaa278e4208ec1f0901cf

SHA1
b962c18203863dbc93da2bd51035d4acaf1e22a4

SHA256
d400ad10ab363d23ceaf201f62e5327cdc2a896bbcf0770a16016bedb6c09bc3

SHA512
b2f6ab6fbd889f121dbf51a53c897a963024eb1eacc0f8bb0bbdde8d281830ccee5e7739ff0bab5a1d766d37e68c1d5361c4e301947845185c9de09576713d69

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe

Filesize
468KB

MD5
21cb756b20c6bb159487a37d420dd543

SHA1
4999db1d4914271b253958d07ecc0aa2922a240e

SHA256
6fb8ec1fba6eda9bb816b9699f76e1b9a89afc96b779dd5157219b78a0fd543b

SHA512
41602ca730801f6a4ec13a8fe0f88c5192255e10a3f7100d6db519ce23f0bf4a98de72a11f4d81a137c758c477d00c22c633790c66c825d7a788ba1c187b3492

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe

Filesize
468KB

MD5
ebdf23aa8f592465d605abf944ccfe1b

SHA1
71aa5400e2b2803445f78ee6afb0b8e3108e680a

SHA256
fa48808b0366123f0e22838f7be6ae7c1bca78bcadc37f3ee00d916ece2ff363

SHA512
03067cfa2d757954a77fcf450840fbf0f24000da7a40b75d2b9d1a8db302ec80652de854446918068b525aeec2c8690f65cd89278465dd8809d1533f888d8412

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55395.exe

Filesize
468KB

MD5
38f22cf38da5eca90b50db5f0b26176a

SHA1
7ea6a287befe035204169c5a1d264df487595f56

SHA256
50db4203657fa959114673ead6dccb3105408a4b4a8631a8ce7d8a024f5ff617

SHA512
c8ccc0d37bcd328f6b6bfe71e4dc4f5bf6799dc2efd7448f36c185de14bcfc447a2a995079a40fa89c3943c3da018844a8595e15381f1f994a4bc3b6e2eec1f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7070.exe

Filesize
468KB

MD5
72ac6770d932cbc9cb46d417103767fb

SHA1
ec5ece12706dfe85bafb8aa51592da862e31a4a3

SHA256
7eae94c8948e49640266ee8fc8704dcfebd0bb4696f47357e670933e7946860f

SHA512
c712e6ce63f8dec7ef41fb8e1fa08ac6c92cedcb30ca6081f07e6b6d13831753ca18d068f01b4f6d6c0bd481927133ebb1b5234f70a0e8be60c77136e50a992a

Download Submit