411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe
Size

468KB
MD5

b37dbd17f77112b5a3bac64e021d06a0
SHA1

5cf1b9418be12409f979e6d17b5d5e3139f0ab89
SHA256

411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7
SHA512

7863df2a19e0f4d13d0e8e91b47d386f40d15a6908eae39404f560eb33a1f4c98991c9e277e1e8c125ea0c0c78f5410963435ef341155f261b4ae9f725e11e70
SSDEEP

3072:KHyTogYnIo5pCbYVPz4jef8/dRDvk0pXcmHe6Vw/8Yk85MibkIlN:KHmomopCWPEjef5Ymz8YNqibk

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2236	Unicorn-4328.exe
2972	Unicorn-24832.exe
3008	Unicorn-882.exe
2804	Unicorn-16555.exe
2720	Unicorn-28898.exe
2828	Unicorn-45890.exe
2772	Unicorn-218.exe
1576	Unicorn-45958.exe
1580	Unicorn-38667.exe
2960	Unicorn-32536.exe
2532	Unicorn-5480.exe
1692	Unicorn-9009.exe
3056	Unicorn-8744.exe
2300	Unicorn-15786.exe
1240	Unicorn-2548.exe
840	Unicorn-33296.exe
2144	Unicorn-61884.exe
2076	Unicorn-23544.exe
2556	Unicorn-10545.exe
580	Unicorn-60301.exe
2612	Unicorn-57700.exe
2692	Unicorn-24744.exe
932	Unicorn-28919.exe
2528	Unicorn-32611.exe
2540	Unicorn-34785.exe
764	Unicorn-35050.exe
1548	Unicorn-35050.exe
1700	Unicorn-26066.exe
1288	Unicorn-24749.exe
2012	Unicorn-47193.exe
1676	Unicorn-51177.exe
1276	Unicorn-57883.exe
1716	Unicorn-44048.exe
2368	Unicorn-8490.exe
1572	Unicorn-56876.exe
2968	Unicorn-58267.exe
2264	Unicorn-33571.exe
2844	Unicorn-13705.exe
1380	Unicorn-33571.exe
2832	Unicorn-33571.exe
2284	Unicorn-8874.exe
2760	Unicorn-23819.exe
2748	Unicorn-33384.exe
2576	Unicorn-2029.exe
2888	Unicorn-21629.exe
752	Unicorn-12143.exe
968	Unicorn-32009.exe
2956	Unicorn-41858.exe
2416	Unicorn-7312.exe
1396	Unicorn-7312.exe
2932	Unicorn-60497.exe
1952	Unicorn-17233.exe
2704	Unicorn-7888.exe
1812	Unicorn-60196.exe
892	Unicorn-49798.exe
2272	Unicorn-41530.exe
1980	Unicorn-47660.exe
2192	Unicorn-43576.exe
2456	Unicorn-61593.exe
2580	Unicorn-25656.exe
2168	Unicorn-52320.exe
1872	Unicorn-42568.exe
2408	Unicorn-33846.exe
1516	Unicorn-54821.exe

Loads dropped DLL 64 IoCs

pid	Process
2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe
2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe
2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe
2236	Unicorn-4328.exe
2236	Unicorn-4328.exe
2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe
2972	Unicorn-24832.exe
2972	Unicorn-24832.exe
2236	Unicorn-4328.exe
3008	Unicorn-882.exe
2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe
2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe
3008	Unicorn-882.exe
2236	Unicorn-4328.exe
2828	Unicorn-45890.exe
2828	Unicorn-45890.exe
2720	Unicorn-28898.exe
2720	Unicorn-28898.exe
2972	Unicorn-24832.exe
2972	Unicorn-24832.exe
2236	Unicorn-4328.exe
2236	Unicorn-4328.exe
2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe
2772	Unicorn-218.exe
3008	Unicorn-882.exe
2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe
3008	Unicorn-882.exe
2772	Unicorn-218.exe
2804	Unicorn-16555.exe
2804	Unicorn-16555.exe
1576	Unicorn-45958.exe
1576	Unicorn-45958.exe
1580	Unicorn-38667.exe
2828	Unicorn-45890.exe
2828	Unicorn-45890.exe
1580	Unicorn-38667.exe
2532	Unicorn-5480.exe
2532	Unicorn-5480.exe
2720	Unicorn-28898.exe
2720	Unicorn-28898.exe
2972	Unicorn-24832.exe
2960	Unicorn-32536.exe
2972	Unicorn-24832.exe
2960	Unicorn-32536.exe
3008	Unicorn-882.exe
3008	Unicorn-882.exe
3056	Unicorn-8744.exe
2236	Unicorn-4328.exe
3056	Unicorn-8744.exe
2236	Unicorn-4328.exe
1692	Unicorn-9009.exe
2300	Unicorn-15786.exe
1692	Unicorn-9009.exe
2300	Unicorn-15786.exe
2772	Unicorn-218.exe
2772	Unicorn-218.exe
2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe
2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe
1240	Unicorn-2548.exe
1240	Unicorn-2548.exe
2804	Unicorn-16555.exe
2804	Unicorn-16555.exe
840	Unicorn-33296.exe
840	Unicorn-33296.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18188.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13150.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe
2236	Unicorn-4328.exe
2972	Unicorn-24832.exe
3008	Unicorn-882.exe
2828	Unicorn-45890.exe
2804	Unicorn-16555.exe
2720	Unicorn-28898.exe
2772	Unicorn-218.exe
1576	Unicorn-45958.exe
1580	Unicorn-38667.exe
1692	Unicorn-9009.exe
2532	Unicorn-5480.exe
3056	Unicorn-8744.exe
2960	Unicorn-32536.exe
2300	Unicorn-15786.exe
1240	Unicorn-2548.exe
840	Unicorn-33296.exe
2144	Unicorn-61884.exe
2556	Unicorn-10545.exe
2076	Unicorn-23544.exe
580	Unicorn-60301.exe
2528	Unicorn-32611.exe
2692	Unicorn-24744.exe
2540	Unicorn-34785.exe
2612	Unicorn-57700.exe
1548	Unicorn-35050.exe
932	Unicorn-28919.exe
764	Unicorn-35050.exe
1288	Unicorn-24749.exe
1700	Unicorn-26066.exe
2012	Unicorn-47193.exe
1676	Unicorn-51177.exe
1276	Unicorn-57883.exe
1716	Unicorn-44048.exe
2368	Unicorn-8490.exe
1572	Unicorn-56876.exe
2264	Unicorn-33571.exe
1380	Unicorn-33571.exe
2832	Unicorn-33571.exe
2844	Unicorn-13705.exe
2968	Unicorn-58267.exe
2284	Unicorn-8874.exe
2760	Unicorn-23819.exe
2748	Unicorn-33384.exe
2576	Unicorn-2029.exe
2888	Unicorn-21629.exe
968	Unicorn-32009.exe
752	Unicorn-12143.exe
2956	Unicorn-41858.exe
2416	Unicorn-7312.exe
1396	Unicorn-7312.exe
2932	Unicorn-60497.exe
2704	Unicorn-7888.exe
1952	Unicorn-17233.exe
2272	Unicorn-41530.exe
2192	Unicorn-43576.exe
892	Unicorn-49798.exe
1980	Unicorn-47660.exe
1812	Unicorn-60196.exe
2456	Unicorn-61593.exe
2580	Unicorn-25656.exe
2168	Unicorn-52320.exe
1872	Unicorn-42568.exe
572	Unicorn-64380.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2236	2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe	29
PID 2904 wrote to memory of 2236	2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe	29
PID 2904 wrote to memory of 2236	2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe	29
PID 2904 wrote to memory of 2236	2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe	29
PID 2236 wrote to memory of 2972	2236	Unicorn-4328.exe	31
PID 2236 wrote to memory of 2972	2236	Unicorn-4328.exe	31
PID 2236 wrote to memory of 2972	2236	Unicorn-4328.exe	31
PID 2236 wrote to memory of 2972	2236	Unicorn-4328.exe	31
PID 2904 wrote to memory of 3008	2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe	30
PID 2904 wrote to memory of 3008	2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe	30
PID 2904 wrote to memory of 3008	2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe	30
PID 2904 wrote to memory of 3008	2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe	30
PID 2972 wrote to memory of 2804	2972	Unicorn-24832.exe	32
PID 2972 wrote to memory of 2804	2972	Unicorn-24832.exe	32
PID 2972 wrote to memory of 2804	2972	Unicorn-24832.exe	32
PID 2972 wrote to memory of 2804	2972	Unicorn-24832.exe	32
PID 2904 wrote to memory of 2720	2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe	35
PID 2904 wrote to memory of 2720	2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe	35
PID 2904 wrote to memory of 2720	2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe	35
PID 2904 wrote to memory of 2720	2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe	35
PID 3008 wrote to memory of 2772	3008	Unicorn-882.exe	34
PID 3008 wrote to memory of 2772	3008	Unicorn-882.exe	34
PID 3008 wrote to memory of 2772	3008	Unicorn-882.exe	34
PID 3008 wrote to memory of 2772	3008	Unicorn-882.exe	34
PID 2236 wrote to memory of 2828	2236	Unicorn-4328.exe	33
PID 2236 wrote to memory of 2828	2236	Unicorn-4328.exe	33
PID 2236 wrote to memory of 2828	2236	Unicorn-4328.exe	33
PID 2236 wrote to memory of 2828	2236	Unicorn-4328.exe	33
PID 2828 wrote to memory of 1576	2828	Unicorn-45890.exe	36
PID 2828 wrote to memory of 1576	2828	Unicorn-45890.exe	36
PID 2828 wrote to memory of 1576	2828	Unicorn-45890.exe	36
PID 2828 wrote to memory of 1576	2828	Unicorn-45890.exe	36
PID 2720 wrote to memory of 1580	2720	Unicorn-28898.exe	37
PID 2720 wrote to memory of 1580	2720	Unicorn-28898.exe	37
PID 2720 wrote to memory of 1580	2720	Unicorn-28898.exe	37
PID 2720 wrote to memory of 1580	2720	Unicorn-28898.exe	37
PID 2972 wrote to memory of 2532	2972	Unicorn-24832.exe	38
PID 2972 wrote to memory of 2532	2972	Unicorn-24832.exe	38
PID 2972 wrote to memory of 2532	2972	Unicorn-24832.exe	38
PID 2972 wrote to memory of 2532	2972	Unicorn-24832.exe	38
PID 2236 wrote to memory of 2960	2236	Unicorn-4328.exe	39
PID 2236 wrote to memory of 2960	2236	Unicorn-4328.exe	39
PID 2236 wrote to memory of 2960	2236	Unicorn-4328.exe	39
PID 2236 wrote to memory of 2960	2236	Unicorn-4328.exe	39
PID 2904 wrote to memory of 3056	2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe	40
PID 2904 wrote to memory of 3056	2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe	40
PID 2904 wrote to memory of 3056	2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe	40
PID 2904 wrote to memory of 3056	2904	411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe	40
PID 3008 wrote to memory of 2300	3008	Unicorn-882.exe	42
PID 3008 wrote to memory of 2300	3008	Unicorn-882.exe	42
PID 3008 wrote to memory of 2300	3008	Unicorn-882.exe	42
PID 3008 wrote to memory of 2300	3008	Unicorn-882.exe	42
PID 2772 wrote to memory of 1692	2772	Unicorn-218.exe	41
PID 2772 wrote to memory of 1692	2772	Unicorn-218.exe	41
PID 2772 wrote to memory of 1692	2772	Unicorn-218.exe	41
PID 2772 wrote to memory of 1692	2772	Unicorn-218.exe	41
PID 2804 wrote to memory of 1240	2804	Unicorn-16555.exe	43
PID 2804 wrote to memory of 1240	2804	Unicorn-16555.exe	43
PID 2804 wrote to memory of 1240	2804	Unicorn-16555.exe	43
PID 2804 wrote to memory of 1240	2804	Unicorn-16555.exe	43
PID 1576 wrote to memory of 840	1576	Unicorn-45958.exe	44
PID 1576 wrote to memory of 840	1576	Unicorn-45958.exe	44
PID 1576 wrote to memory of 840	1576	Unicorn-45958.exe	44
PID 1576 wrote to memory of 840	1576	Unicorn-45958.exe	44

C:\Users\Admin\AppData\Local\Temp\411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe
"C:\Users\Admin\AppData\Local\Temp\411f1a705f28025166ac4f4ed4cdffda1d75e2f4fefbbe5ee958da5d8a06d1d7N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24832.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        8⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        8⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
        7⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        7⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
        6⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        6⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        6⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47660.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44967.exe
        7⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
        7⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15230.exe
        7⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        6⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56778.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17255.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46611.exe
        7⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65203.exe
        7⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
        6⤵
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44941.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        6⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        6⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        6⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11697.exe
        6⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26342.exe
        6⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33706.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7244.exe
        5⤵
        
        PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23705.exe
        5⤵
        
        PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5480.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8874.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42637.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        7⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        7⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        7⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63996.exe
        6⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
        7⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57297.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19506.exe
        7⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
        6⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36659.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12143.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53327.exe
        6⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
        7⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56917.exe
        7⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58729.exe
        6⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        6⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15230.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
        5⤵
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62015.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
        5⤵
        
        PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57700.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32009.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26446.exe
        6⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65085.exe
        7⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
        6⤵
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        6⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe
        5⤵
        
        PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36659.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        5⤵
        
        PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41858.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
        5⤵
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46809.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
        5⤵
        
        PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64957.exe
      4⤵
      PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
      4⤵
      PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
      4⤵
      PID:4480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57883.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        7⤵
        Executes dropped EXE
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
        7⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        7⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        7⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15230.exe
        7⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44515.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8350.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        6⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe
        6⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64380.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe
        7⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
        7⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        6⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58406.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63674.exe
        6⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63674.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe
        5⤵
        
        PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23544.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7888.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        6⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23590.exe
        6⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39678.exe
        5⤵
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17949.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42284.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21369.exe
        5⤵
        
        PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        5⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46809.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        5⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15260.exe
        5⤵
        
        PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe
      4⤵
      PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31209.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32536.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24744.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43576.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
        6⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3737.exe
        7⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        7⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        6⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
        5⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
        5⤵
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28138.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        5⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58075.exe
        5⤵
        
        PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25656.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
        5⤵
        
        PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
        5⤵
        
        PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
      4⤵
      PID:560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
      4⤵
      PID:4704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34785.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        5⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
        6⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        5⤵
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58406.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3005.exe
        5⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        5⤵
        
        PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19929.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60345.exe
        5⤵
        
        PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
      4⤵
      PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18569.exe
      4⤵
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39260.exe
      4⤵
      PID:5052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41838.exe
      4⤵
      PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42854.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
      4⤵
      PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
    3⤵
    PID:1992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56136.exe
    3⤵
    PID:3364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
    3⤵
    PID:3352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
    3⤵
    PID:4864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-882.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-882.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-218.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9009.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18844.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe
        7⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        6⤵
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58406.exe
        6⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        6⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29613.exe
        6⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        6⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23896.exe
        6⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        5⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        5⤵
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31713.exe
        5⤵
        
        PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26066.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5216.exe
        6⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        5⤵
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55500.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        5⤵
        
        PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2315.exe
        5⤵
        
        PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe
        5⤵
        
        PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe
      4⤵
      PID:1364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30141.exe
      4⤵
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
      4⤵
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
      4⤵
      PID:4620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        6⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63685.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        7⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        7⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10025.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        6⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7520.exe
        6⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        6⤵
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
        6⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12194.exe
        5⤵
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15202.exe
        5⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe
        5⤵
        
        PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23819.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
        5⤵
        
        PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        5⤵
        
        PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37031.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64271.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
      4⤵
      PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55597.exe
      4⤵
      PID:4792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
      4⤵
      Executes dropped EXE
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe
        5⤵
        
        PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1495.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
      4⤵
      PID:4900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21629.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
      4⤵
      PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
      4⤵
      PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28253.exe
      4⤵
      PID:4164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64957.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64957.exe
    3⤵
    PID:540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
    3⤵
    PID:3092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
    3⤵
    PID:3824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
    3⤵
    PID:4516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8490.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26446.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        6⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
        5⤵
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        6⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1740.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
        6⤵
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45479.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37852.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56876.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8350.exe
        5⤵
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57297.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50233.exe
        5⤵
        
        PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
      4⤵
      PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe
      4⤵
      PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
      4⤵
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63765.exe
      4⤵
      PID:4472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60301.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49798.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4214.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13205.exe
        5⤵
        
        PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
      4⤵
      PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
      4⤵
      PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
      4⤵
      PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41009.exe
      4⤵
      PID:3544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
      4⤵
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36038.exe
        5⤵
        
        PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
      4⤵
      PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36554.exe
      4⤵
      PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
      4⤵
      PID:3612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
    3⤵
    PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18844.exe
      4⤵
      PID:796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
      4⤵
      PID:4504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
    3⤵
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe
      4⤵
      PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
      4⤵
      PID:4412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
    3⤵
    PID:3916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8153.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        5⤵
        
        PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
        5⤵
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19631.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        5⤵
        
        PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60680.exe
      4⤵
      PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13149.exe
      4⤵
      PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2948.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
      4⤵
      PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
      4⤵
      PID:4156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2029.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12655.exe
      4⤵
      PID:4364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe
    3⤵
    PID:2852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
    3⤵
    PID:3600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
    3⤵
    PID:2680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24749.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24749.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
      4⤵
      PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
    3⤵
    PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36659.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36659.exe
    3⤵
    PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63674.exe
    3⤵
    PID:3928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58739.exe
    3⤵
    PID:4980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe
    3⤵
    PID:2176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41009.exe
    3⤵
    PID:4304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36743.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36743.exe
  2⤵
  PID:3276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35679.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35679.exe
  2⤵
  PID:2156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
  2⤵
  PID:4784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12194.exe

Filesize
468KB

MD5
853ad9397960df4181a0188de64e09bb

SHA1
a4862f6060781b3e1ea8c3abc899d929bfc8cfc7

SHA256
931ced6fa24e46207ebb9e21de1e7538e0692fead75221ff461f6c4421c09b6d

SHA512
f0d70cc2e89fc8a73e99166916997f148fc2a668948183f16bbcdd63f59a601f543fda9ab0938283d8abaaacb9b3fe36452904926d1a1a9de23704f19b4b4863

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-218.exe

Filesize
468KB

MD5
2c35c243c844bd167fb5ff4f2835211b

SHA1
54ab4365f9680faf3071693b13b965c27ee1f1c6

SHA256
277bc9cae4ae57123e33dbf443314d9d2e4394b6ef3e5ce0d1d09910fc57d651

SHA512
a10456c85b87568ec0f9b67aabb720f038f8c855cb3491c60c7f69cb7310716144da972ce41dbfc3303604a7f07571c69453fee3a71b400ca9e0d471fe3a8dbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23544.exe

Filesize
468KB

MD5
5d5f46b4798991fd98f4156671be9e55

SHA1
0ca6272612683790b7ca7e3c033eef9c7a734bae

SHA256
132b5e3479ece02b196ed6b166c6d61b86de8227390fc0c5cb2755b71cf8ac86

SHA512
03650a916271a60a7e33113991b038df4fab9d6dbfb80d3ec35a97bebae84206226162bf6f22c4ee90cabbfb816f99434ea3c1b2c6e8aa0637835416ffa0100c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe

Filesize
468KB

MD5
ee192859433b760b055ce6609be5dab3

SHA1
66907f84e11cb8eb987b4de5cb9944f650e423f0

SHA256
c74295150e1e7c29d00093890e654d037212cb1664908717ece11c8761a0b8d5

SHA512
0aff69fd7c3b0850096b88e6bac9c4868ef537186412e5ef95d35c3febac8229134c5b8cf3970821f090c04c5562c3b7a4ac572a416be34aa508f2a1f99695c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe

Filesize
468KB

MD5
14310f9ab2bd8b40cae6dc5270e2bc9e

SHA1
2673158b7e84989171231af451424af20f6b4dd3

SHA256
d6006ddd2c797fc9e2a027e3b4e628b0d487384db6c53957ade197d5f3c19b8b

SHA512
7c52661569829cfb1aa1d7f32620677daaee63b6fd40ead7561fa6acfafd1fd9df0459ebe7880cdd8522088f37757e53e5af38b2ba92f8fdd87ebbea2b972d92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe

Filesize
468KB

MD5
7c1ceb014d6ca0000aad907fc33f7854

SHA1
894e49aa16c30aad88448384029b704f9a35ef3f

SHA256
4f448eae2342ef71dbb1b0ff542d8c8e1c562e4010a0795a4862abbd6efd9cc1

SHA512
687a8658475c8a793d9ba0e0da10cdc391aa1fccee420f549b2df5f2d5fe02c160162c816a83693e6ba3b8206aeebc4e28dcbe9dddab765af78e8d0809c58ace

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5480.exe

Filesize
468KB

MD5
ec787b5d71f42428c58e4105668a9d86

SHA1
85abde8064ba15dddad6657d79204ab070551f3b

SHA256
bbfba379471a7eb3595a113cd298a36820e634eafce141c00c9136dec530a752

SHA512
00620a0bb851211ff9f4ba1de48212e9c815d91d8502cb10d0766b5e0ff5744e14209889dc02d021d183308fc3ff2b2f65fdcc92029c45b7a0746c724dd5abe4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe

Filesize
468KB

MD5
4ce723b30670fc812aa05f4c1fefdcb2

SHA1
177c1ef5438b54bc14445ef40ee2904d29e105de

SHA256
3e8e24407b774d885a9edf3b0f21dfde2946b1238f8991211c99262433ccab5a

SHA512
d1e224834c0d250368db8a7476a1ced9944b02e42ccef2b636c03029df56ff33a0fc58827e1dc7422010eea4207fb60c804351bd4b16e0eb75658706d18b1f23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe

Filesize
468KB

MD5
16c8550e0dc3a2e3b0eac07d86bb81a1

SHA1
62227d8a7e86ae90b43546562023a362efedcf40

SHA256
c416fc050ef9518f2f7e89cbf6949c93fce4f16574560f0543c72593627ffb04

SHA512
c92cde83c567e5c2b41f04daebcecf3aefdcd4cbdc24f128d3dcde1bbb37bc19df60bfb9233f648b60112205f12bbc9a956589c265882ff494f26f99b9aafc8d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe

Filesize
468KB

MD5
4f2089ead8cadcd39636e388f8abc6f9

SHA1
d7257175cd721b37e955668952877d65c2eefa46

SHA256
508263d841df3b585252b78481dd4572ca7ace8d14a517e84519e68a88ef8154

SHA512
f349f9e0bb846223bf358e2ecdb1d6d5116dc7bab280cfd2d3e10286b2f0c8e6bb22f14a9284b3a2f4776801578cfdde2bf77843c80ff533d1d11366c439b204

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24832.exe

Filesize
468KB

MD5
e3b44282ef9f57ce498aff623534fd0f

SHA1
527877d24ee6af868ed29841e335122f457c3446

SHA256
af25a8fb0b75b8ddd41257d77870cafa66eaac01c25c613c9f7065f4427cb00d

SHA512
4c23a7abd42908b38fd902a921ed3e993d1013f8fba783650c0923d1de41d5e3fc52a18d758bc74578a3dddf918026a6274a3c38aebb950cefa70422873e2aa6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe

Filesize
468KB

MD5
0336649deceea77fa263a1f08e048f44

SHA1
014e02a7c92a6a13e4c49cd6031a5284329f5389

SHA256
3d4dd8fd1dc0e0486ab93e6a31cca8108916a9517e3a291e8ce91d2ce6f1202d

SHA512
9abc1069ef7c638cd3bdd3d3c039a7eb9f2904138d4b161b687d56b7f20370dea20b543f9c741b9310fef73b05e0e3df6c4f005f1157e00be86d032dfcbc2fbc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe

Filesize
468KB

MD5
0bdd5fa1507474c749bfa5efc3a7549a

SHA1
85943bde86d71f23d80fdc9039d60f03e8c7b740

SHA256
28dd726c33abbdfd9db3a07010272a1c84d15180094c73174eb22ab897dfeed1

SHA512
1b83ce5b9eb3a47fe050c402a5181609b49b12965d96f7e2fdaa58f9d1a75c65b6e62cd1faddf5786b4909c448fb518dc2284de1f383c9ad546816024a746594

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32536.exe

Filesize
468KB

MD5
c88ea243b7ef809233b9775c9dddca58

SHA1
d24a8a440709c566eab3d191a78bbee374dd85f8

SHA256
15ed2f31ac38ff06a6d54abe2fb57c778c88ce6fe54bb1e6e5b7739eee456ad7

SHA512
b5bbbe564110d5c8d883e4bd26b687833246f0223864591f19a3c122d1f2c1b03a9c808bdbd0e067d9e1b1f74784ab218f5f7a9bdb3f85d8b961e66b92a0511c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe

Filesize
468KB

MD5
06ab8de0ac3dd18ea6f36a698afb85ad

SHA1
4de839376c82b850d809784e20cd097f7764edc2

SHA256
983b67f3de19a89fe963d105df3e27448520739dc5b6cc75ac681c753725b7c6

SHA512
3d155d907300c0a91d6f9ff0bd87c72695e7e3379d2ccbdff3b2f9f787e8b0d21c3ae20a77d60a772a2229dffd40d65eb73ff038f8e84e73a3549137895a1744

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe

Filesize
468KB

MD5
8095ec6dc17792187e30d7b83c5463d0

SHA1
38e0725eca2cda879a0a621fd084b05a14076502

SHA256
f9afd24702ce6734df3fa643e38c3dfe652be53c3be178495bbb7c4aa61c10d8

SHA512
b9e52bf852ed7229a17c3a2c4a4037d16d60a55d1d94b698c72b8b64d7c39b30cbdc69b23e7c555d7dd85c9510470a47ea93ee9e9e9a82ef6c4bc55910a6405f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe

Filesize
468KB

MD5
ed807e04084b8c9bdb6f7d12ca5af3a2

SHA1
a8f1badb2d2707db010d967b300d1ac1ac17b6ab

SHA256
f120c1ab11a3d7964cb3307b476a24f5c6aa5e8b9998992c27336c3a35f87214

SHA512
d86a8fc48f974e48650d6ef4d4b2da4eb976f84d16a4ae5291971944a9e467467c835307e956007f486a02121c2a95202a0618d8c506401bac8c8856b45c3b1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-882.exe

Filesize
468KB

MD5
cb554c84ddc1754942411e9555534714

SHA1
ded199fee7968daa9a79a88bf85d580524b3b699

SHA256
f2b99e49d5dd050184c85a006221203c536f71015c983240fa08505b1fddd219

SHA512
7859b4f491e3ad019938a63c2fb35cea2ec9cbcb7b988382db417434c86ed85c2cdd0e3d33d48e5d1eebf9b0c29745b57e6e9d8f57095a8cc588c401f1a2002b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9009.exe

Filesize
468KB

MD5
741e4352269f438f771b218d468e9ffd

SHA1
6773f8a2c5ba4ff21be563b69b9db64b7735f785

SHA256
33ed798ccddc580fede478c2cc8c224e7c546c6b5f6e5882e0ffeac45b6cf272

SHA512
0dfeae814667d5d829e59d4c82b32f566b4456e1798c04eef28717953070953be04820504bc87a6e5afc404e0319d3dd43a34da4f3f113cfc8bf1092503533a1

Download Submit