abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f

Analysis

max time kernel
149s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe
Size

468KB
MD5

c2e087e01f1aaa5358b822eddd5cbc0a
SHA1

1abbea7addb21e70f5b288848d35189ee59fffca
SHA256

abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f
SHA512

dfeb5ace261ea43036c79c88377d6a3a3e73dede9c070c3fc3a50f018e82b08491dfe946f4cbc6f9f2fa3235f72aa4bf8ddb29f0e4520f963ef0bfa2876908fc
SSDEEP

3072:4belogxaIU57tbY/PzcfmbfD/n2DnsIH9QmyeQVqAi52kki3uxulA:4b4oCc7t8P4fmbfra7wi5X73ux

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2856	Unicorn-21028.exe
2768	Unicorn-51251.exe
2672	Unicorn-49367.exe
1780	Unicorn-35279.exe
2756	Unicorn-48361.exe
2680	Unicorn-2689.exe
2620	Unicorn-60477.exe
3036	Unicorn-42433.exe
2916	Unicorn-11908.exe
2904	Unicorn-30046.exe
1208	Unicorn-7098.exe
2444	Unicorn-52770.exe
2376	Unicorn-40876.exe
2980	Unicorn-41141.exe
568	Unicorn-35010.exe
2064	Unicorn-39792.exe
1912	Unicorn-35411.exe
3012	Unicorn-21204.exe
2352	Unicorn-42775.exe
364	Unicorn-46030.exe
1980	Unicorn-26142.exe
1732	Unicorn-13549.exe
1256	Unicorn-47986.exe
1516	Unicorn-35179.exe
2016	Unicorn-32875.exe
1656	Unicorn-26744.exe
2360	Unicorn-6246.exe
812	Unicorn-60848.exe
2056	Unicorn-15176.exe
1248	Unicorn-15176.exe
1072	Unicorn-15871.exe
1712	Unicorn-14081.exe
1936	Unicorn-34859.exe
2240	Unicorn-54917.exe
2284	Unicorn-62134.exe
2760	Unicorn-53739.exe
2844	Unicorn-58674.exe
2952	Unicorn-59982.exe
2572	Unicorn-40479.exe
2632	Unicorn-45265.exe
2116	Unicorn-32961.exe
1156	Unicorn-20237.exe
2684	Unicorn-1487.exe
2472	Unicorn-1487.exe
2676	Unicorn-47159.exe
3040	Unicorn-40246.exe
700	Unicorn-14067.exe
1400	Unicorn-22998.exe
2968	Unicorn-57818.exe
2260	Unicorn-43641.exe
624	Unicorn-54720.exe
1148	Unicorn-15868.exe
2396	Unicorn-33714.exe
1052	Unicorn-8248.exe
2184	Unicorn-15301.exe
368	Unicorn-65042.exe
2200	Unicorn-48021.exe
1964	Unicorn-33138.exe
2080	Unicorn-6708.exe
1392	Unicorn-1128.exe
1388	Unicorn-1128.exe
1608	Unicorn-52930.exe
1800	Unicorn-32251.exe
2024	Unicorn-14727.exe

Loads dropped DLL 64 IoCs

pid	Process
2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe
2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe
2856	Unicorn-21028.exe
2856	Unicorn-21028.exe
2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe
2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe
2768	Unicorn-51251.exe
2768	Unicorn-51251.exe
2856	Unicorn-21028.exe
2856	Unicorn-21028.exe
2672	Unicorn-49367.exe
2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe
2672	Unicorn-49367.exe
2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe
1780	Unicorn-35279.exe
1780	Unicorn-35279.exe
2768	Unicorn-51251.exe
2768	Unicorn-51251.exe
2680	Unicorn-2689.exe
2680	Unicorn-2689.exe
2672	Unicorn-49367.exe
2620	Unicorn-60477.exe
2620	Unicorn-60477.exe
2672	Unicorn-49367.exe
2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe
2756	Unicorn-48361.exe
2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe
2756	Unicorn-48361.exe
2856	Unicorn-21028.exe
2856	Unicorn-21028.exe
3036	Unicorn-42433.exe
3036	Unicorn-42433.exe
1780	Unicorn-35279.exe
1780	Unicorn-35279.exe
2904	Unicorn-30046.exe
2904	Unicorn-30046.exe
2680	Unicorn-2689.exe
2680	Unicorn-2689.exe
2916	Unicorn-11908.exe
2916	Unicorn-11908.exe
2768	Unicorn-51251.exe
2768	Unicorn-51251.exe
1208	Unicorn-7098.exe
1208	Unicorn-7098.exe
2620	Unicorn-60477.exe
2620	Unicorn-60477.exe
2444	Unicorn-52770.exe
2444	Unicorn-52770.exe
2672	Unicorn-49367.exe
2980	Unicorn-41141.exe
2672	Unicorn-49367.exe
2980	Unicorn-41141.exe
2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe
2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe
2756	Unicorn-48361.exe
2756	Unicorn-48361.exe
568	Unicorn-35010.exe
2376	Unicorn-40876.exe
568	Unicorn-35010.exe
2376	Unicorn-40876.exe
2856	Unicorn-21028.exe
2856	Unicorn-21028.exe
2064	Unicorn-39792.exe
2064	Unicorn-39792.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65042.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe
2856	Unicorn-21028.exe
2768	Unicorn-51251.exe
2672	Unicorn-49367.exe
1780	Unicorn-35279.exe
2756	Unicorn-48361.exe
2680	Unicorn-2689.exe
2620	Unicorn-60477.exe
3036	Unicorn-42433.exe
2916	Unicorn-11908.exe
2904	Unicorn-30046.exe
1208	Unicorn-7098.exe
2444	Unicorn-52770.exe
2376	Unicorn-40876.exe
2980	Unicorn-41141.exe
568	Unicorn-35010.exe
2064	Unicorn-39792.exe
1912	Unicorn-35411.exe
3012	Unicorn-21204.exe
2352	Unicorn-42775.exe
364	Unicorn-46030.exe
1980	Unicorn-26142.exe
1732	Unicorn-13549.exe
1516	Unicorn-35179.exe
1256	Unicorn-47986.exe
2016	Unicorn-32875.exe
2360	Unicorn-6246.exe
2056	Unicorn-15176.exe
1248	Unicorn-15176.exe
812	Unicorn-60848.exe
1072	Unicorn-15871.exe
1656	Unicorn-26744.exe
2240	Unicorn-54917.exe
2284	Unicorn-62134.exe
1712	Unicorn-14081.exe
1936	Unicorn-34859.exe
2760	Unicorn-53739.exe
2844	Unicorn-58674.exe
2952	Unicorn-59982.exe
2572	Unicorn-40479.exe
2632	Unicorn-45265.exe
1156	Unicorn-20237.exe
2116	Unicorn-32961.exe
2676	Unicorn-47159.exe
2684	Unicorn-1487.exe
2472	Unicorn-1487.exe
700	Unicorn-14067.exe
2968	Unicorn-57818.exe
3040	Unicorn-40246.exe
1400	Unicorn-22998.exe
2260	Unicorn-43641.exe
624	Unicorn-54720.exe
1148	Unicorn-15868.exe
1052	Unicorn-8248.exe
2396	Unicorn-33714.exe
2184	Unicorn-15301.exe
368	Unicorn-65042.exe
2200	Unicorn-48021.exe
1964	Unicorn-33138.exe
2080	Unicorn-6708.exe
1392	Unicorn-1128.exe
1608	Unicorn-52930.exe
1388	Unicorn-1128.exe
1800	Unicorn-32251.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2856	2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe	30
PID 2880 wrote to memory of 2856	2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe	30
PID 2880 wrote to memory of 2856	2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe	30
PID 2880 wrote to memory of 2856	2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe	30
PID 2856 wrote to memory of 2768	2856	Unicorn-21028.exe	31
PID 2856 wrote to memory of 2768	2856	Unicorn-21028.exe	31
PID 2856 wrote to memory of 2768	2856	Unicorn-21028.exe	31
PID 2856 wrote to memory of 2768	2856	Unicorn-21028.exe	31
PID 2880 wrote to memory of 2672	2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe	32
PID 2880 wrote to memory of 2672	2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe	32
PID 2880 wrote to memory of 2672	2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe	32
PID 2880 wrote to memory of 2672	2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe	32
PID 2768 wrote to memory of 1780	2768	Unicorn-51251.exe	33
PID 2768 wrote to memory of 1780	2768	Unicorn-51251.exe	33
PID 2768 wrote to memory of 1780	2768	Unicorn-51251.exe	33
PID 2768 wrote to memory of 1780	2768	Unicorn-51251.exe	33
PID 2856 wrote to memory of 2756	2856	Unicorn-21028.exe	34
PID 2856 wrote to memory of 2756	2856	Unicorn-21028.exe	34
PID 2856 wrote to memory of 2756	2856	Unicorn-21028.exe	34
PID 2856 wrote to memory of 2756	2856	Unicorn-21028.exe	34
PID 2672 wrote to memory of 2680	2672	Unicorn-49367.exe	35
PID 2672 wrote to memory of 2680	2672	Unicorn-49367.exe	35
PID 2672 wrote to memory of 2680	2672	Unicorn-49367.exe	35
PID 2672 wrote to memory of 2680	2672	Unicorn-49367.exe	35
PID 2880 wrote to memory of 2620	2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe	36
PID 2880 wrote to memory of 2620	2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe	36
PID 2880 wrote to memory of 2620	2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe	36
PID 2880 wrote to memory of 2620	2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe	36
PID 1780 wrote to memory of 3036	1780	Unicorn-35279.exe	37
PID 1780 wrote to memory of 3036	1780	Unicorn-35279.exe	37
PID 1780 wrote to memory of 3036	1780	Unicorn-35279.exe	37
PID 1780 wrote to memory of 3036	1780	Unicorn-35279.exe	37
PID 2768 wrote to memory of 2916	2768	Unicorn-51251.exe	38
PID 2768 wrote to memory of 2916	2768	Unicorn-51251.exe	38
PID 2768 wrote to memory of 2916	2768	Unicorn-51251.exe	38
PID 2768 wrote to memory of 2916	2768	Unicorn-51251.exe	38
PID 2680 wrote to memory of 2904	2680	Unicorn-2689.exe	39
PID 2680 wrote to memory of 2904	2680	Unicorn-2689.exe	39
PID 2680 wrote to memory of 2904	2680	Unicorn-2689.exe	39
PID 2680 wrote to memory of 2904	2680	Unicorn-2689.exe	39
PID 2620 wrote to memory of 1208	2620	Unicorn-60477.exe	41
PID 2620 wrote to memory of 1208	2620	Unicorn-60477.exe	41
PID 2620 wrote to memory of 1208	2620	Unicorn-60477.exe	41
PID 2620 wrote to memory of 1208	2620	Unicorn-60477.exe	41
PID 2672 wrote to memory of 2444	2672	Unicorn-49367.exe	40
PID 2672 wrote to memory of 2444	2672	Unicorn-49367.exe	40
PID 2672 wrote to memory of 2444	2672	Unicorn-49367.exe	40
PID 2672 wrote to memory of 2444	2672	Unicorn-49367.exe	40
PID 2880 wrote to memory of 2376	2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe	42
PID 2880 wrote to memory of 2376	2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe	42
PID 2880 wrote to memory of 2376	2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe	42
PID 2880 wrote to memory of 2376	2880	abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe	42
PID 2756 wrote to memory of 2980	2756	Unicorn-48361.exe	43
PID 2756 wrote to memory of 2980	2756	Unicorn-48361.exe	43
PID 2756 wrote to memory of 2980	2756	Unicorn-48361.exe	43
PID 2756 wrote to memory of 2980	2756	Unicorn-48361.exe	43
PID 2856 wrote to memory of 568	2856	Unicorn-21028.exe	44
PID 2856 wrote to memory of 568	2856	Unicorn-21028.exe	44
PID 2856 wrote to memory of 568	2856	Unicorn-21028.exe	44
PID 2856 wrote to memory of 568	2856	Unicorn-21028.exe	44
PID 3036 wrote to memory of 2064	3036	Unicorn-42433.exe	45
PID 3036 wrote to memory of 2064	3036	Unicorn-42433.exe	45
PID 3036 wrote to memory of 2064	3036	Unicorn-42433.exe	45
PID 3036 wrote to memory of 2064	3036	Unicorn-42433.exe	45

C:\Users\Admin\AppData\Local\Temp\abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe
"C:\Users\Admin\AppData\Local\Temp\abbdf3a438a82af830ffe8ba66bd62089e08f521dd49bb8afd3ae4cfca5a679f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51251.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        9⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37825.exe
        9⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        9⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25964.exe
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        9⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
        8⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12430.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11977.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
        8⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9429.exe
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        8⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60986.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        8⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        8⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        8⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34678.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49798.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
        7⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        7⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        7⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52301.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        7⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        7⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe
        7⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe
        6⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58463.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57833.exe
        6⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        6⤵
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16934.exe
        8⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        8⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        8⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26155.exe
        8⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
        7⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
        7⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10534.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4964.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
        7⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65276.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        7⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        7⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        6⤵
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1518.exe
        6⤵
        
        PID:288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
        6⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15259.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24512.exe
        6⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26115.exe
        6⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7599.exe
        7⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        7⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25964.exe
        7⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53604.exe
        7⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42492.exe
        6⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        6⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        6⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        6⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15259.exe
        6⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        6⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59394.exe
        5⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        6⤵
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        6⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25964.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        6⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        5⤵
        
        PID:112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33262.exe
        5⤵
        
        PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        5⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53367.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43641.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60968.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27712.exe
        7⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9544.exe
        7⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        7⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
        6⤵
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        6⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12615.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        6⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25390.exe
        6⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        5⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26629.exe
        5⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
        5⤵
        
        PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
        6⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13197.exe
        7⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        7⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
        7⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        6⤵
        
        PID:680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29887.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
        6⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        6⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        5⤵
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26072.exe
        6⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52786.exe
        6⤵
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        6⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        6⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        6⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38499.exe
        5⤵
        
        PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10534.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
        5⤵
        
        PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        5⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
        5⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        5⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        5⤵
        
        PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20006.exe
      4⤵
      PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58632.exe
      4⤵
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3842.exe
      4⤵
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
      4⤵
      PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
      4⤵
      PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
      4⤵
      PID:5144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48361.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32875.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6708.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5062.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6960.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe
        7⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19154.exe
        6⤵
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9166.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12615.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38718.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52829.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        6⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40955.exe
        6⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60968.exe
        6⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        6⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25964.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53995.exe
        6⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
        5⤵
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15031.exe
        5⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32717.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        5⤵
        
        PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65042.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
        6⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30068.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24296.exe
        6⤵
        
        PID:308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10691.exe
        6⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34246.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        6⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8049.exe
        5⤵
        
        PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15997.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
        5⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63909.exe
        5⤵
        
        PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57888.exe
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        5⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4993.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
      4⤵
      PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
      4⤵
      PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
      4⤵
      PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19109.exe
      4⤵
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48690.exe
      4⤵
      PID:5444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        5⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27874.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
        6⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12804.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
        6⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35169.exe
        6⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6067.exe
        5⤵
        
        PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33836.exe
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        5⤵
        
        PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46291.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
      4⤵
      PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
      4⤵
      PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
      4⤵
      PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
      4⤵
      PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15259.exe
      4⤵
      PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
      4⤵
      PID:6080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65084.exe
        5⤵
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
        5⤵
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55254.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
        5⤵
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        5⤵
        
        PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
      4⤵
      PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63084.exe
      4⤵
      PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11977.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
      4⤵
      PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63731.exe
      4⤵
      PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
      4⤵
      PID:5812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53557.exe
      4⤵
      PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
      4⤵
      PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe
      4⤵
      PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
      4⤵
      PID:5396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26747.exe
    3⤵
    PID:1684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50328.exe
    3⤵
    PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54518.exe
    3⤵
    PID:3400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
    3⤵
    PID:1688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
    3⤵
    PID:4480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
    3⤵
    PID:5236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21204.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18782.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57049.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20644.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32799.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
        7⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        7⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
        7⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        7⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59772.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        6⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
        6⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
        6⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        6⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30483.exe
        7⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35299.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22172.exe
        7⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
        6⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
        6⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63909.exe
        6⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
        6⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58728.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
        7⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10691.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9544.exe
        7⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        7⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        6⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        6⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3894.exe
        6⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe
        6⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        6⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45072.exe
        5⤵
        
        PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49798.exe
        5⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46312.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3829.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59982.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
        6⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        6⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe
        6⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23926.exe
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        6⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        5⤵
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18647.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        5⤵
        
        PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49295.exe
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        5⤵
        
        PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40479.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21212.exe
        5⤵
        
        PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        5⤵
        
        PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        5⤵
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        5⤵
        
        PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53292.exe
      4⤵
      PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
      4⤵
      PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
      4⤵
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
      4⤵
      PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
      4⤵
      PID:4744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
        7⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        6⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe
        6⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
        6⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63909.exe
        6⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24101.exe
        5⤵
        
        PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        5⤵
        
        PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49529.exe
        5⤵
        
        PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47159.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
        5⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32125.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-508.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1055.exe
        5⤵
        
        PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10803.exe
      4⤵
      PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
      4⤵
      PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
      4⤵
      PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
      4⤵
      PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15259.exe
      4⤵
      PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5871.exe
      4⤵
      PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
      4⤵
      PID:108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
      4⤵
      PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
      4⤵
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
      4⤵
      PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5523.exe
      4⤵
      PID:5632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56836.exe
    3⤵
    PID:2336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49798.exe
    3⤵
    PID:1204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58984.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9361.exe
    3⤵
    PID:4024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
    3⤵
    PID:3168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7098.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13549.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        6⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50243.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38162.exe
        6⤵
        
        PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
        5⤵
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12238.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
        5⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61792.exe
        5⤵
        
        PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-519.exe
        5⤵
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
        5⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28764.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43835.exe
        5⤵
        
        PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
      4⤵
      PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15031.exe
      4⤵
      PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
      4⤵
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
      4⤵
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32251.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
        5⤵
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57430.exe
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35169.exe
        5⤵
        
        PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6067.exe
      4⤵
      PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
      4⤵
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
      4⤵
      PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
      4⤵
      PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
      4⤵
      PID:5784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
    3⤵
    - Executes dropped EXE
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58728.exe
      4⤵
      PID:332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
      4⤵
      PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18797.exe
      4⤵
      PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14315.exe
      4⤵
      PID:5512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
    3⤵
    PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44483.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10534.exe
    3⤵
    PID:4252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
    3⤵
    PID:4384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
    3⤵
    PID:5824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40876.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40876.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22998.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38617.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43835.exe
        5⤵
        
        PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe
      4⤵
      PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
      4⤵
      PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25234.exe
      4⤵
      PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
      4⤵
      PID:5956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43763.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
      4⤵
      PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17529.exe
      4⤵
      PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43835.exe
      4⤵
      PID:6136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24900.exe
    3⤵
    PID:2060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12790.exe
    3⤵
    PID:3872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36009.exe
    3⤵
    PID:4044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
    3⤵
    PID:4700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
    3⤵
    PID:4788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6246.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6246.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15868.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
      4⤵
      PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
      4⤵
      PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
      4⤵
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
      4⤵
      PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
      4⤵
      PID:5964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55805.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8595.exe
    3⤵
    PID:4036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
    3⤵
    PID:4244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15259.exe
    3⤵
    PID:4540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
    3⤵
    PID:6048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8248.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8248.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62783.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5062.exe
    3⤵
    PID:4072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
    3⤵
    PID:5400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
  2⤵
  PID:2700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53974.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53974.exe
  2⤵
  PID:3232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45362.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45362.exe
  2⤵
  PID:3512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
  2⤵
  PID:3332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
  2⤵
  PID:5068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
  2⤵
  PID:5188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe

Filesize
468KB

MD5
afc5718fc2b3ad9f7b20f7d2ed04dc3c

SHA1
72dac7163c7f3e0534ddcaad0f8e2c562b6e5fb5

SHA256
d34cc271403f7cba96e3eaddc30c642628434be9407fe99e108a4b7f0b5f0086

SHA512
a46faeabd68ad7ab89542be883a5f4443500a886bc5cc82a5ca4f83d054d8c48ade7abfdb77f3463fff556d9e4bfb0978d9e8c64f6c4de325bbf559cdd43f57b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe

Filesize
468KB

MD5
24d4a0459b0cb195dcbaa3aa6608f5ec

SHA1
8c2a74619000bc3257d1e37e10bce89cddcdb6c3

SHA256
fefa2a12183c06d95d0e25921fce51117da7283f77dc9d9c3d1c41d97bf6d405

SHA512
c96a538545b5c41d595631a2e3ff690b5491d16041d553e3cdfb3957b8349221953c3b5660f95aa6960cea572b3ab758692b2b30e8683cd94b1873cb350267ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe

Filesize
468KB

MD5
f4345a740057b90a4160226987f58aca

SHA1
7610da78254e51360e9ae747489801e626375757

SHA256
e04de09277fe2b8a6f72680935d4e3c36c898983d1486ece33e4104a9dee6d52

SHA512
a9959ec2b221f66fad069e7d7b485c7bfb9b91eb68727a34d827ac21aa5889632a193dc33ada5fedd2001d9ad4fff020f417cf24b6e34c0872c7a48aa292a20b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe

Filesize
468KB

MD5
9cf4241fcf3f0e7953dda92464a48a5a

SHA1
d2b08039ed2adb27fe7a2115f245671eefe75c44

SHA256
ff559dd8d31d2c94fbab6c5f013011e7caba3574cd89d4e07c54b36709257557

SHA512
a0e118c43a5b54f465d02faf47d0efca888052f6e51ba481e3b5b47d679784fcbc4b294ea4e6a2288e43ef0028d40f82a5426b2c4a694c90982824a0f4173f10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe

Filesize
468KB

MD5
60638b13c11f24e68d4b653675ea2d55

SHA1
0cf3c44b71d6f2873ea109e219cf9b92534c5cf8

SHA256
cf91de3aa5a9fbd7a55032a72cca4c55b7a1ee65e9a6c7779bf67e22a98bc3ae

SHA512
4950b0e3bdd556a80ed6c5a6468c1cd299886351ec23ed7acb01d28d094c407c76f50456c39e0469dc066d740044cee32f4f86b59e01ad38aa8cbdf9f7eb906a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe

Filesize
468KB

MD5
6bd4e556301f23c2e0e9f1ddc5d21e3f

SHA1
daf94e3f2407d7100399c676ca2633c467275de5

SHA256
bd888f8e49c1a059138dc81ada4ce40d6433af2563a4e4cb979ba6d5084dc02b

SHA512
927eed943d8bea1af0fe33f0d19216fc13950d68511ae448c36b385c1edefd6ba6489b94e0e218e09b7277a770c7d9e518ead78cf8ec2027dc93bb31633cf53c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe

Filesize
468KB

MD5
510fef02b7c3d53b75ee29fb8db8e04e

SHA1
93d194b97cd7a6c3c81810502ab4768d113ac899

SHA256
629a28f68b2ef7b4ec25b37e32c5f8f2647153806e355ddedbc4160ba42afbfe

SHA512
f43bc61f15a48251a24248a6b02037cdf807f069b9efb4f76f86179a8ffa44cb2c1fda7a8ea86f161798b346e2ee8291bcd5eaef20b4d2929c782584f390f235

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7098.exe

Filesize
468KB

MD5
94a1df5d0b74b18bc58316d77046a763

SHA1
eef693a406d8168b4444e5171e32e299b98c2802

SHA256
c3fd34554dc5b3f906ed1309c0f742d21166bb2a63858bb7e25b4debdbd9def3

SHA512
253a7c42ee290d1d71f4caf16e495b0a61b523c69f3ef16b57e53aaa6b03376934704e6adef8849f44d2be04f8d32ece92ef3bf697320b963af217895f68d715

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe

Filesize
468KB

MD5
f6ef893609a31370dfdaad2f409b3ff9

SHA1
b078294606adbfbbf1a8527cd12d4bb2cfd06ee6

SHA256
4c7148f3ba923d714fc222d6b9e84381203f9ad317ab4cfd763e247d859720b8

SHA512
df9a034006ccda8a606eccb94b475c67e8d4f553fc590a3094d60d75d00f33e77e4601f684a89be21155746ba22f7cb86e1c583da8d1ea4262360dc395f1b2ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe

Filesize
468KB

MD5
d6fad75ed97ecb01c8eed4f4d3cea74a

SHA1
ff2a0c3cdc480fd409f645683cc33181d7d72981

SHA256
e9351cf6a847e229141544928e80635fa7b2e21f48c70956c457d168e88ea214

SHA512
a434e32863c280a4a868e310340cd04b319db21dd005b680ebf78d0032058e64d002cddcb4203f5bd0579fbb7112011e472c759f37905186f634153024c8de4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21204.exe

Filesize
468KB

MD5
687eecb0195c595da89ae81ffb3e72e4

SHA1
0b3a04bfba9795a1b1f7db0ad27dde9de1547bd0

SHA256
6d949e80b3bd4f17111000a350b424e31bb781848096c861cdb1f05dec302c28

SHA512
34804b58a1697f774b95335df8c8813527c0ac037b93fca3503d9c8a7c7e86b5bddacd5605732c8c9b08017455c3ee211073ba9a7f2160a9a731a4635ac3ce3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe

Filesize
468KB

MD5
9fe17614efe0c7fa52f0e3c4834ca026

SHA1
0e83fd017f72b1be046c5d21e67aa12d7aab70c0

SHA256
3f0d1e9fbd1bbd9332b2e1ab7da74f99d5671a985f0d8a99557bb659aeb7aa0b

SHA512
89ac5299c63a600cc72c631b35a04fa928fa368724885ae86352dbb10bf08ca5e1924ed1df3fe19f070399d5e4362bfa26852b8a73e8dfba0088bc94a1c06373

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe

Filesize
468KB

MD5
e27429d3411238d8c2365188e33ec312

SHA1
c447e671737d9291905a41b32e82a3c855ca529d

SHA256
a2c2193f5abc0aeabef238dd3d7c06647c186934f34248692be5ca44684f6cd1

SHA512
47597813b4f9e00a1d095c9f8fb61c1f2f9d0f98fd6a79d82a4c91c4e18ca678fbc215c6ae15ba94a392f60598b9aea0cd1475573cb2137efefc5972873876e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe

Filesize
468KB

MD5
e43835cbd2bd66909d1ad55c67b258b4

SHA1
91d597a633c582233fc7cead6ba73ae1ea17d013

SHA256
328e6c920565ae4e6023b9007743b66daaaf7e8afee10f47a54fab07944b0bc9

SHA512
5db97aef8872193412d508c8f8e6ff10547a6ab7246d2747712d62a02000b62582b4ed4a2f05f0ea51727b252d1615c9f99f2f1a98d8531c5fe91c20ae5959e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe

Filesize
468KB

MD5
ad98e27023e47f386a383fb9846873fd

SHA1
1cb40ab926f87891ea3239556c503e9e20423a2f

SHA256
3c3cd5734a7c08965ee8b98a1fe078b52ca6482e14d39fcbd5ef6115f22160c5

SHA512
ae32949c8048a80176aec7086a15f062143fe7c749db3df7bf6a1cabbd913e13d2d142b8a56c78f819eaf3f5279e6b5843c65e4db147e75c732a2b0056d7d33b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40876.exe

Filesize
468KB

MD5
4965893dd97afc5e5f7ca80a1601e163

SHA1
1b2fa739fbb0bdc17cc51015ca863ce9a4477cf7

SHA256
c18a14bbf0aad4dc9c4e4bce4abfe517e858a417621c3dab13c228632ef8cb37

SHA512
088f92a6ead3fd37cd5101eef487dc0dd73a1b1cb0f9154e1836680b1782ba73afcffd12b062271061274ad01458458cdeb4b018b4b16df0db67b8ad1393b1fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe

Filesize
468KB

MD5
5b3f93cbceb2fb793093f224c67f7278

SHA1
c0b25d2e0d6c4bc111d02afc35870de8176eea9b

SHA256
5d73f7a1103653b405b7501ca5dd62efb666d43dec059820e54a6c3eeb9cd764

SHA512
2567ec5b30ec35d429ddeff6796bb4f522d41729297a3f55f7204ff72f6d1ea1ec0ad8309051043ec398a5fc853a8b3828349bdff7912c7a8f83734aeb8fc5e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe

Filesize
468KB

MD5
b420d3f5c601a41b9ac6cbd77699597f

SHA1
64ca6298f2f18a71e61a68f8ad295064c9886ccc

SHA256
770744498f863233d23082d1b0ca2e28ee5c5f928e66b47ec1f87be8b477f156

SHA512
ec262e2638084aecc4bbc04f523096a59cb468786705316ad406d9595bb5870e5b338a39024bf8d09c2b19fa4a5d6a784669bc13b4ab9a7eadd4df2127d2024a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48361.exe

Filesize
468KB

MD5
7d24380c45658cd06e6336ea291e4da9

SHA1
6995508bb14d8419b3d379f751d4a29afb81ec7b

SHA256
59ff96b30ec225b8f1044f0b8a9af596f477adc4e0e6b037c5954e2c8d8ecd8b

SHA512
52244898869d544fdaea7f11adad9971aa3c4814b9d27f1e89ad075dbbefead8d3855075b3cfa2def9e51cad913c4f8d2ecb3eff04111b2d6bba87f5aac2c7ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51251.exe

Filesize
468KB

MD5
d86b447e00944e3dd2501bc3f0f4836e

SHA1
c33484b8c10bbe840fdb94b3020b98f166c7711c

SHA256
ecf2e155b628b88f1cf68399f1b75e370064fcecdf061b3772cbe2061decd028

SHA512
da6207668558b41f32563ff5bf4126beea8d9926fdc8171690c6d7ae2ce1cabf7d3d0013f4296e2df88a7e52bc44b5443d29526366f84fefd0027cdfc590efdc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe

Filesize
468KB

MD5
3fe5d5ee5782153e91431482cb84e1f3

SHA1
cc53a70ef73fcb1fb47d301e37154318b2d4530b

SHA256
f38e69219b8f1663747f8934d311c457d39217f35c6f4030c862e011553e5d2b

SHA512
405a9872dda500e536e743378cb533b8ec8a3b9c27c7759e16b4cb9b807a0141ac28863b9d80fd4b1dbac5a91ec52351ec3e852a40aa56a5fd993d72ede3c416

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe

Filesize
468KB

MD5
c1be64539258a8c2f8a39c905dc15f60

SHA1
42ef4f9fc1f7d24dafb48936cbfaacd77234f35e

SHA256
7288e9213aa3b8304b11ec202a9011bcff63d7b5bec688aa5454b072a4ae680e

SHA512
a7831464ed4403f5f8be47aac19dbe9088de0a14596359e8fbb6ee5921bc40a6c60f32d671cbca50688adf5b90cfdd0ed419011bd9bf1780765f2fe6a4825aa3

Download Submit