c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6

Analysis

max time kernel
150s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
15/10/2024, 04:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe
Size

468KB
MD5

5c629d05a728dfc16641d40c6390313c
SHA1

a16696fb8f239d3e0799a3fbc66d371b1c79265c
SHA256

c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6
SHA512

67d5b8565b9f0d61baaeebcf33d582d4d3d26c324872029195f4b7dca9c5da66e5e4bf8f523c0a96abfd23b95767ff412602c82d877cbf53d584b9c12f759e47
SSDEEP

3072:4belog4aId57tbYZPzBfmbfD/n2DnbIH/QmyeQVqAu5KkXi3uxulj:4b4oTb7tCPFfmbf8a1wu5Dy3ux

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3068	Unicorn-53044.exe
2212	Unicorn-51067.exe
2928	Unicorn-50553.exe
2996	Unicorn-57393.exe
2896	Unicorn-53781.exe
1384	Unicorn-18891.exe
2772	Unicorn-33190.exe
2428	Unicorn-60548.exe
1488	Unicorn-64995.exe
2092	Unicorn-787.exe
1692	Unicorn-24698.exe
1044	Unicorn-55068.exe
896	Unicorn-30829.exe
3044	Unicorn-29869.exe
2140	Unicorn-50844.exe
456	Unicorn-57803.exe
1976	Unicorn-30153.exe
944	Unicorn-40507.exe
1956	Unicorn-765.exe
888	Unicorn-64840.exe
2380	Unicorn-28446.exe
2004	Unicorn-56480.exe
1980	Unicorn-55520.exe
992	Unicorn-46590.exe
2632	Unicorn-63496.exe
2628	Unicorn-41030.exe
3040	Unicorn-44207.exe
1812	Unicorn-6703.exe
1428	Unicorn-22583.exe
1904	Unicorn-31016.exe
1072	Unicorn-51088.exe
2696	Unicorn-40201.exe
2312	Unicorn-28228.exe
2736	Unicorn-48478.exe
2564	Unicorn-52628.exe
2652	Unicorn-1389.exe
3028	Unicorn-14772.exe
2936	Unicorn-59142.exe
2952	Unicorn-41197.exe
2800	Unicorn-12606.exe
2796	Unicorn-32621.exe
2836	Unicorn-11454.exe
2444	Unicorn-14635.exe
916	Unicorn-52139.exe
2576	Unicorn-6467.exe
2760	Unicorn-54707.exe
736	Unicorn-33393.exe
1444	Unicorn-46732.exe
1260	Unicorn-19082.exe
584	Unicorn-38948.exe
2368	Unicorn-24532.exe
1764	Unicorn-24532.exe
1676	Unicorn-54251.exe
2176	Unicorn-41723.exe
860	Unicorn-9435.exe
2424	Unicorn-63893.exe
2096	Unicorn-31029.exe
1940	Unicorn-6524.exe
672	Unicorn-34152.exe
1992	Unicorn-47888.exe
1052	Unicorn-12968.exe
1732	Unicorn-12968.exe
844	Unicorn-12968.exe
1828	Unicorn-64770.exe

Loads dropped DLL 64 IoCs

pid	Process
2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe
2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe
3068	Unicorn-53044.exe
3068	Unicorn-53044.exe
2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe
2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe
2212	Unicorn-51067.exe
2212	Unicorn-51067.exe
3068	Unicorn-53044.exe
3068	Unicorn-53044.exe
2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe
2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe
2928	Unicorn-50553.exe
2928	Unicorn-50553.exe
2996	Unicorn-57393.exe
2996	Unicorn-57393.exe
2212	Unicorn-51067.exe
2212	Unicorn-51067.exe
2896	Unicorn-53781.exe
2896	Unicorn-53781.exe
3068	Unicorn-53044.exe
2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe
1384	Unicorn-18891.exe
3068	Unicorn-53044.exe
2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe
1384	Unicorn-18891.exe
2772	Unicorn-33190.exe
2772	Unicorn-33190.exe
2928	Unicorn-50553.exe
2928	Unicorn-50553.exe
2428	Unicorn-60548.exe
2428	Unicorn-60548.exe
2996	Unicorn-57393.exe
2996	Unicorn-57393.exe
1488	Unicorn-64995.exe
1488	Unicorn-64995.exe
2212	Unicorn-51067.exe
2212	Unicorn-51067.exe
2092	Unicorn-787.exe
2092	Unicorn-787.exe
2896	Unicorn-53781.exe
2896	Unicorn-53781.exe
1044	Unicorn-55068.exe
1044	Unicorn-55068.exe
2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe
2140	Unicorn-50844.exe
2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe
2140	Unicorn-50844.exe
2928	Unicorn-50553.exe
3044	Unicorn-29869.exe
2928	Unicorn-50553.exe
3044	Unicorn-29869.exe
2772	Unicorn-33190.exe
2772	Unicorn-33190.exe
1692	Unicorn-24698.exe
1692	Unicorn-24698.exe
3068	Unicorn-53044.exe
3068	Unicorn-53044.exe
896	Unicorn-30829.exe
896	Unicorn-30829.exe
1384	Unicorn-18891.exe
1384	Unicorn-18891.exe
456	Unicorn-57803.exe
456	Unicorn-57803.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23143.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe
3068	Unicorn-53044.exe
2212	Unicorn-51067.exe
2928	Unicorn-50553.exe
2996	Unicorn-57393.exe
2896	Unicorn-53781.exe
1384	Unicorn-18891.exe
2772	Unicorn-33190.exe
2428	Unicorn-60548.exe
1488	Unicorn-64995.exe
2092	Unicorn-787.exe
1044	Unicorn-55068.exe
3044	Unicorn-29869.exe
1692	Unicorn-24698.exe
896	Unicorn-30829.exe
2140	Unicorn-50844.exe
456	Unicorn-57803.exe
1976	Unicorn-30153.exe
944	Unicorn-40507.exe
1956	Unicorn-765.exe
888	Unicorn-64840.exe
2004	Unicorn-56480.exe
992	Unicorn-46590.exe
2380	Unicorn-28446.exe
2632	Unicorn-63496.exe
1980	Unicorn-55520.exe
2628	Unicorn-41030.exe
1812	Unicorn-6703.exe
3040	Unicorn-44207.exe
1428	Unicorn-22583.exe
1904	Unicorn-31016.exe
1072	Unicorn-51088.exe
2696	Unicorn-40201.exe
2312	Unicorn-28228.exe
2564	Unicorn-52628.exe
2736	Unicorn-48478.exe
2652	Unicorn-1389.exe
3028	Unicorn-14772.exe
2936	Unicorn-59142.exe
2952	Unicorn-41197.exe
2800	Unicorn-12606.exe
2796	Unicorn-32621.exe
1764	Unicorn-24532.exe
2836	Unicorn-11454.exe
2576	Unicorn-6467.exe
916	Unicorn-52139.exe
2444	Unicorn-14635.exe
2760	Unicorn-54707.exe
1260	Unicorn-19082.exe
2368	Unicorn-24532.exe
736	Unicorn-33393.exe
1444	Unicorn-46732.exe
584	Unicorn-38948.exe
1676	Unicorn-54251.exe
860	Unicorn-9435.exe
2176	Unicorn-41723.exe
2424	Unicorn-63893.exe
1940	Unicorn-6524.exe
2096	Unicorn-31029.exe
1992	Unicorn-47888.exe
672	Unicorn-34152.exe
2364	Unicorn-51807.exe
1604	Unicorn-18833.exe
2264	Unicorn-43446.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 3068	2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe	30
PID 2076 wrote to memory of 3068	2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe	30
PID 2076 wrote to memory of 3068	2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe	30
PID 2076 wrote to memory of 3068	2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe	30
PID 3068 wrote to memory of 2212	3068	Unicorn-53044.exe	31
PID 3068 wrote to memory of 2212	3068	Unicorn-53044.exe	31
PID 3068 wrote to memory of 2212	3068	Unicorn-53044.exe	31
PID 3068 wrote to memory of 2212	3068	Unicorn-53044.exe	31
PID 2076 wrote to memory of 2928	2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe	32
PID 2076 wrote to memory of 2928	2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe	32
PID 2076 wrote to memory of 2928	2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe	32
PID 2076 wrote to memory of 2928	2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe	32
PID 2212 wrote to memory of 2996	2212	Unicorn-51067.exe	33
PID 2212 wrote to memory of 2996	2212	Unicorn-51067.exe	33
PID 2212 wrote to memory of 2996	2212	Unicorn-51067.exe	33
PID 2212 wrote to memory of 2996	2212	Unicorn-51067.exe	33
PID 3068 wrote to memory of 2896	3068	Unicorn-53044.exe	34
PID 3068 wrote to memory of 2896	3068	Unicorn-53044.exe	34
PID 3068 wrote to memory of 2896	3068	Unicorn-53044.exe	34
PID 3068 wrote to memory of 2896	3068	Unicorn-53044.exe	34
PID 2076 wrote to memory of 1384	2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe	35
PID 2076 wrote to memory of 1384	2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe	35
PID 2076 wrote to memory of 1384	2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe	35
PID 2076 wrote to memory of 1384	2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe	35
PID 2928 wrote to memory of 2772	2928	Unicorn-50553.exe	36
PID 2928 wrote to memory of 2772	2928	Unicorn-50553.exe	36
PID 2928 wrote to memory of 2772	2928	Unicorn-50553.exe	36
PID 2928 wrote to memory of 2772	2928	Unicorn-50553.exe	36
PID 2996 wrote to memory of 2428	2996	Unicorn-57393.exe	37
PID 2996 wrote to memory of 2428	2996	Unicorn-57393.exe	37
PID 2996 wrote to memory of 2428	2996	Unicorn-57393.exe	37
PID 2996 wrote to memory of 2428	2996	Unicorn-57393.exe	37
PID 2212 wrote to memory of 1488	2212	Unicorn-51067.exe	38
PID 2212 wrote to memory of 1488	2212	Unicorn-51067.exe	38
PID 2212 wrote to memory of 1488	2212	Unicorn-51067.exe	38
PID 2212 wrote to memory of 1488	2212	Unicorn-51067.exe	38
PID 2896 wrote to memory of 2092	2896	Unicorn-53781.exe	39
PID 2896 wrote to memory of 2092	2896	Unicorn-53781.exe	39
PID 2896 wrote to memory of 2092	2896	Unicorn-53781.exe	39
PID 2896 wrote to memory of 2092	2896	Unicorn-53781.exe	39
PID 3068 wrote to memory of 1692	3068	Unicorn-53044.exe	40
PID 3068 wrote to memory of 1692	3068	Unicorn-53044.exe	40
PID 3068 wrote to memory of 1692	3068	Unicorn-53044.exe	40
PID 3068 wrote to memory of 1692	3068	Unicorn-53044.exe	40
PID 2076 wrote to memory of 1044	2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe	41
PID 2076 wrote to memory of 1044	2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe	41
PID 2076 wrote to memory of 1044	2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe	41
PID 2076 wrote to memory of 1044	2076	c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe	41
PID 1384 wrote to memory of 896	1384	Unicorn-18891.exe	42
PID 1384 wrote to memory of 896	1384	Unicorn-18891.exe	42
PID 1384 wrote to memory of 896	1384	Unicorn-18891.exe	42
PID 1384 wrote to memory of 896	1384	Unicorn-18891.exe	42
PID 2772 wrote to memory of 3044	2772	Unicorn-33190.exe	43
PID 2772 wrote to memory of 3044	2772	Unicorn-33190.exe	43
PID 2772 wrote to memory of 3044	2772	Unicorn-33190.exe	43
PID 2772 wrote to memory of 3044	2772	Unicorn-33190.exe	43
PID 2928 wrote to memory of 2140	2928	Unicorn-50553.exe	44
PID 2928 wrote to memory of 2140	2928	Unicorn-50553.exe	44
PID 2928 wrote to memory of 2140	2928	Unicorn-50553.exe	44
PID 2928 wrote to memory of 2140	2928	Unicorn-50553.exe	44
PID 2428 wrote to memory of 456	2428	Unicorn-60548.exe	45
PID 2428 wrote to memory of 456	2428	Unicorn-60548.exe	45
PID 2428 wrote to memory of 456	2428	Unicorn-60548.exe	45
PID 2428 wrote to memory of 456	2428	Unicorn-60548.exe	45

C:\Users\Admin\AppData\Local\Temp\c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe
"C:\Users\Admin\AppData\Local\Temp\c5e5a9b332a0e60305b3e0557dd138d16afc820cf2a0b44f57bc47e10f7365a6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53044.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53044.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60548.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44199.exe
        10⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
        10⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        10⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32885.exe
        9⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
        9⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44486.exe
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        9⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
        8⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25966.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2373.exe
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54251.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        8⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        7⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
        7⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28228.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59783.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe
        8⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38045.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46649.exe
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        7⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12968.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe
        6⤵
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5226.exe
        6⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
        6⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        6⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43446.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
        7⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        7⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
        7⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
        6⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60334.exe
        6⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46649.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        6⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        6⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43446.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
        7⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
        6⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12871.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
        6⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42260.exe
        5⤵
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35133.exe
        5⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3602.exe
        5⤵
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        5⤵
        
        PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64995.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1389.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37199.exe
        9⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        9⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        8⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-759.exe
        8⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3950.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
        7⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        7⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64770.exe
        6⤵
        Executes dropped EXE
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
        6⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        6⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37421.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        6⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        6⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4848.exe
        6⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
        6⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45868.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27280.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15764.exe
        6⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4738.exe
        6⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6907.exe
        5⤵
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        5⤵
        
        PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-765.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        6⤵
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
        6⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        6⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18908.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        6⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        5⤵
        
        PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
        5⤵
        
        PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
        5⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        5⤵
        
        PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62581.exe
        5⤵
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        5⤵
        
        PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
      4⤵
      PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
      4⤵
      PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
      4⤵
      PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53781.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64840.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12606.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        7⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
        7⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17396.exe
        7⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        7⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
        6⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe
        7⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        7⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54469.exe
        6⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        6⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56030.exe
        6⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13633.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        6⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        6⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        5⤵
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
        5⤵
        
        PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54985.exe
        5⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19438.exe
        5⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        6⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        7⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26190.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        6⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
        5⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
        5⤵
        
        PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53638.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56124.exe
        5⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28006.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        5⤵
        
        PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7220.exe
        5⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44079.exe
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
      4⤵
      PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3741.exe
      4⤵
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
      4⤵
      PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
      4⤵
      PID:5456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63364.exe
        6⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32565.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33268.exe
        6⤵
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
        6⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        6⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47914.exe
        5⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
        5⤵
        
        PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4069.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        5⤵
        
        PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe
        5⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        5⤵
        
        PID:5884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
      4⤵
      PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28444.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30288.exe
      4⤵
      PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63606.exe
      4⤵
      PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
      4⤵
      PID:5432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42119.exe
        5⤵
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
        5⤵
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19355.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3539.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34308.exe
        5⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5044.exe
      4⤵
      PID:108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
      4⤵
      PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24723.exe
      4⤵
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35441.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
      4⤵
      PID:5516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
    3⤵
    PID:1948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
      4⤵
      PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
      4⤵
      PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
      4⤵
      PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40161.exe
      4⤵
      PID:5764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43598.exe
    3⤵
    PID:3692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
    3⤵
    PID:4052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
    3⤵
    PID:4792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
    3⤵
    PID:4576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
    3⤵
    PID:5484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29869.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63496.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        7⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65370.exe
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
        7⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        7⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5990.exe
        6⤵
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25966.exe
        6⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65080.exe
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        6⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        6⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41723.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        6⤵
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50695.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65370.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27076.exe
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        5⤵
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
        5⤵
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
        5⤵
        
        PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46624.exe
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19438.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        5⤵
        
        PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6524.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
        6⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
        7⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19254.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
        7⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        7⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56846.exe
        6⤵
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54469.exe
        6⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        6⤵
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        6⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
        5⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        6⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15801.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58764.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48369.exe
        6⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
        6⤵
        
        PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35107.exe
        5⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        5⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        5⤵
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35441.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
        5⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        5⤵
        
        PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12968.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
      4⤵
      PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
      4⤵
      PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
      4⤵
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
      4⤵
      PID:5420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55520.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46732.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        6⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14477.exe
        6⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
        5⤵
        
        PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52996.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30703.exe
        5⤵
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        5⤵
        
        PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19082.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64641.exe
        5⤵
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        5⤵
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
      4⤵
      PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
      4⤵
      PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12871.exe
      4⤵
      PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4497.exe
      4⤵
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
      4⤵
      PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63700.exe
      4⤵
      PID:336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
      4⤵
      PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
      4⤵
      PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52507.exe
      4⤵
      PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
      4⤵
      PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
      4⤵
      PID:5536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
      4⤵
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
      4⤵
      PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
      4⤵
      PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
      4⤵
      PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
      4⤵
      PID:5932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65410.exe
    3⤵
    PID:1168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe
    3⤵
    PID:3680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13401.exe
    3⤵
    PID:3940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
    3⤵
    PID:4784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25437.exe
    3⤵
    PID:2860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
        6⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exe
        6⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        6⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37515.exe
        5⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47902.exe
        5⤵
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38179.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51374.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        5⤵
        
        PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29975.exe
        5⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        5⤵
        
        PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe
      4⤵
      PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
      4⤵
      PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
      4⤵
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
      4⤵
      PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
      4⤵
      PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
      4⤵
      PID:5448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51088.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31029.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19151.exe
        5⤵
        
        PID:264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38179.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        5⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35237.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        5⤵
        
        PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15045.exe
      4⤵
      PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
      4⤵
      PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
      4⤵
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60709.exe
      4⤵
      PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
      4⤵
      PID:5352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12968.exe
    3⤵
    - Executes dropped EXE
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
      4⤵
      PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
      4⤵
      PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
      4⤵
      PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1035.exe
      4⤵
      PID:5816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
    3⤵
    PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
    3⤵
    PID:3784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
    3⤵
    PID:4192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25437.exe
    3⤵
    PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
    3⤵
    PID:5328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2570.exe
        5⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        6⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54475.exe
        5⤵
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45868.exe
        5⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        5⤵
        
        PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
      4⤵
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2671.exe
        5⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64962.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37280.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63934.exe
      4⤵
      PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
      4⤵
      PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
      4⤵
      PID:5316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
      4⤵
      PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
      4⤵
      PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26794.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6035.exe
      4⤵
      PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
      4⤵
      PID:5852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
    3⤵
    PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
    3⤵
    PID:1884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
    3⤵
    PID:3616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54985.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
    3⤵
    PID:4616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
    3⤵
    PID:5868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6467.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe
      4⤵
      PID:5644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
    3⤵
    PID:2992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
    3⤵
    PID:3332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5698.exe
    3⤵
    PID:3808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35237.exe
    3⤵
    PID:5060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
    3⤵
    PID:5444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54707.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54707.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
    3⤵
    PID:1192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
    3⤵
    PID:3100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
    3⤵
    PID:2352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
    3⤵
    PID:6068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
  2⤵
  PID:2188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24101.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24101.exe
  2⤵
  PID:3092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3178.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3178.exe
  2⤵
  PID:3604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
  2⤵
  PID:4164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1901.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1901.exe
  2⤵
  PID:4952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50775.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50775.exe
  2⤵
  PID:5560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe

Filesize
468KB

MD5
55137410d4dd046ecbb329444c5f02d5

SHA1
a8654a5130793b285e5351147dfaebd1301b2a76

SHA256
ba114a4e6151e05850c802d4694db28d848bb72c5de3feeb7423f008a364bee8

SHA512
7f6708ab149ad66ddf4b5e9e176adafd3f8ccca446e9398db8b758e566f5944572e8880d212f8575e9f061ec788340641c81e84aa32412eadbc0c8a3e31cb7de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe

Filesize
468KB

MD5
95405b4b844ef69fafd575a16ae84407

SHA1
d712ad6b5c702cc20f1d176e77c90d121bf35fc5

SHA256
779da869e51f0426cb3b344ae73b8537043f342b3675eb662991c01ba12c3fdc

SHA512
9c7295874109ead5aba4f777f6a391bb62fb09d7078b2ff723a3333504052b93576e7614345f80c3821d00214cdbc199e169853d19fa3fd9c2f1fdcba279e28e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29869.exe

Filesize
468KB

MD5
4655c132d39e2502deab4a31fa34ed90

SHA1
a4e455a58b187c24f4887f4a9b41a307dadadc1d

SHA256
23eee629a0bb6f230dd600a86b6c7f5b4d0f3d9e9116b91f04cf3066c9a24a91

SHA512
1b9ffb1adbee440b07590728cf32220fc29f12175dd2e6d80999aea8064cd9f3375d93d94ce622e00acc5c160a07ee7badd75af29bbb47bd1743138d05ddfcf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe

Filesize
468KB

MD5
7e4e6428c0be3fdf4e16df268bba46e2

SHA1
2a022bd0639367d9ae41ed2e7407e4ebc8fcd5bf

SHA256
1f09d029316da20d37731dd507a2d33e34fb7da8417680c46ea7d7195b672a40

SHA512
7a16ce5d2afda5051ea14ad35c62e5ed665f0e900cce0dee46d41b585921fd4a3e21d56d3c72dd117bcb0748b9e2cb49f9be7e0760d588586afa5c45a087bb62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe

Filesize
468KB

MD5
293980e57b166d95a8a000e0c5ce06c3

SHA1
8f5c814137962f7bf341dfc842d822c1d50a2a35

SHA256
5947e7b4f81249435e4fda65929ec5a2506809e9da82431196349a46991efc84

SHA512
a35adbfa08b7b5f7b95861322f0ac15e31e58fd5b9dc596940131c8a668a5c0a7f0399ce8ce34ab23da10f3070bedb6c60ca7c5c0c04746c7aad2dad4100c76b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe

Filesize
468KB

MD5
9bedc503d71da914c0879938848424ca

SHA1
8047d4671f972804c9ce90f7d557e229b7f41ad0

SHA256
3931e0f83499ad7b2e165d7d784d9f843481471e821eeff9d84ec6d2eae0eb7f

SHA512
af7740975707fc75f98be670b8fdb1b6969c40faf2ded67a1fad6832dd8dbf01f6aca5221ac53f712713e11cbf8b89def60904f7158c6b5c0be7d08e698e3feb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe

Filesize
468KB

MD5
a33f97ef3ae9ead1159ff30ab2ae1fe8

SHA1
a9cbed156a622222ec81d12fbfa88e3ba8abd72a

SHA256
782893ecb864408116b01190c99c91532637a33fbbfd9cc8fa8c6e934c222cfc

SHA512
7ba56da8916460a079fc35ddfa2f8c697491b9d04ef166ce488eee53a3e5af0644271e4994ee08eac9246a1a4eb9d9be1158cf0e2ca461f63029da93edb96c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe

Filesize
468KB

MD5
ef511a52e7fb058f1a17a074d2179f24

SHA1
81cb2c1371c1266e31281a89365a3164b225bdbc

SHA256
a8ec31d225c6ff631ce094ce0785fae55a50b8a01f3cfb9b2da92fc39fc10310

SHA512
a78ce25cade9535aaf62344a0fa08f8591352987fe900ca4056a7b3f010adaaea9a7d660b1597b246dec0636d241fea9f7e2335ee190f66edcce824184091bf3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe

Filesize
468KB

MD5
22a0ce288beb6c47699ece40de3f072d

SHA1
c2b4271a151dcb16a12791a3f862bb8858eee6b1

SHA256
7b5bec60af083817175504aee15bb40e440b9ffd67e849110f145b3b6ad4b870

SHA512
8b498dd4b0aa4a635675ce2cefc9c39e1f233e94c16372ca2e94e005a64bbd7e99122a123b57a3e51d2ddcc370e380ec73f69e3c69e9a7cceadb3a65e2ac2fe1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe

Filesize
468KB

MD5
79c639f8e830b40aa88baebdc585199d

SHA1
85c53967f1b6c48ab6c37b9b6a70e5a4420fdc35

SHA256
e57d76972253c986340422ed48a22c7f8456a61a35d6d814ad96352e9ab34d84

SHA512
23d3eb99688047742a3e985481f748aea07bb24920080dae7a8069981d47a2816f8c58cce4fbeb81c397f9b9538ce5058cf45ad169bbd616cd7537b1a3eec8ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe

Filesize
468KB

MD5
a05559cdb39bd364c39059bf89a84704

SHA1
65c1bbda3e8c0464708ceac0fc7bdd955f5b968b

SHA256
b2c02b72c7a215001ee604dedc69244e1bbbf8c315cd58af1aa12e9536a06b94

SHA512
d514992b9ece30cd5e68c1356b265a10860e160b3cec669b28c125d04e5e315dd2df5327c2c45eefed756fc471b32d124710a5ecf02c0905d8047924a9f128d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53044.exe

Filesize
468KB

MD5
27f0f72b801c5a36f887d7667fd949a9

SHA1
f83e3757a3766eda98eed659e4c03239b04bfc31

SHA256
4122a01487740b94c4d62981b11dd587b2fe22c90217348beb633cdc9249f7ae

SHA512
5656d670239d1bdfaaf6cd7fefe7228584da3ac5a8e9ebc8e91519b7df70065e0d7f5f9684bfb1ed8a2c82d1ad9f408de5ed627c9019dc05f577342bb2c278e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53781.exe

Filesize
468KB

MD5
939a46f2b71626760e1ed74afebc4057

SHA1
2e043365f3b53279b1601414cc26f84c9b05e60a

SHA256
5261d51116b551f1533f23862f647c34f8068db24c111cfd192d84762124b1a6

SHA512
86c52ca503d2ebbf88a9f3a703a74a0a6df83ea4b4b28203136dbbaf447e3dd6a4a507ebfd6e60136f6071eafebad42fe413c98bae5d766a2a2fd0281ecc8147

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe

Filesize
468KB

MD5
ec04657c9266f1793d49da21670fb8f5

SHA1
9043c43ca19477a2022c503784641bbd283435a8

SHA256
60373ab08177d5878563c87a17d850cfb61d2018e36bce5a594e73045c529ac2

SHA512
8d6a49998b249d040f6c57eec6a8ef3a720611173b3f3b97cdcd06c6f04b407e8b37587246425bb8daa3b35f6c9e76592aa95fa8b25125ca426aa25f5a32ed47

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe

Filesize
468KB

MD5
5e650e732f829af77e13cba7b61ae8ee

SHA1
af9f44ded59ec9308d58229c59e46ba3accad308

SHA256
f9a13bafe8bbeda2a79bc9f9f56a9bd0c687119fd07f5553662d1387f7a31f29

SHA512
9d4d10398bf639d53ad042163a3fb10c792350bf7b24ad3f3afd5fd0b6cd753ce6bc899bd3e39551af1bbd8ec6338166d2b437046dc7cc04c1fc43316b3304ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe

Filesize
468KB

MD5
bb5411fea264f2a45a0d192cea9fa39d

SHA1
a2edac2cf3dfb70e70843d1105676998d5961a38

SHA256
1b4a8dcf3a29e8445d010431ce71695f11e136aefcc29741531c020934bbb163

SHA512
da00b409d6b3811647af96f7626496cacca41d765944362e0c011eb3639a6cb640369354dab4a4b9e204dafe54e2ba05739f111e59a992f781cd388f2a87972a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60548.exe

Filesize
468KB

MD5
272ab850352a69195874da0deb724702

SHA1
8638a7714d8082c644ea6d52462986a6600d71c8

SHA256
9c4620f55c5259f66c647b5948ae0b623d30f866a5b40e011722b4f332b89232

SHA512
c582f6b9959acc1b758b2660b3eb1fffac95bcaa0f787f577260de54ef74cee17f7ae76f664c42c5580c234eeced9fa4b5dcfd6b5da7ecf5418fde10df844ea8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64995.exe

Filesize
468KB

MD5
ff5076613e9808df3e97703ebe8cdad6

SHA1
f85b92fb34bb06658aaa2cca771342388b32ad6f

SHA256
5d026ce0bff78818fc22d26212eed08c24f616ab9b2466f9a4d6c0e8d63930f5

SHA512
18bdce81272dd99e2e534e4ad933089ab85b57b49f67ebf3235a52c50802cc767b7d74801304463c7e8fb68013dc95501c4d19423683b0cf2e17c889938ccab4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-765.exe

Filesize
468KB

MD5
6a7814fc5b70b919e6b21ca9edb913fe

SHA1
d8e58242e1828c827c9d595457909072593c0f7b

SHA256
4e92e82016d261c1ea42efc2e372a30f30a7e85d525f7d0e2f51b051908845a6

SHA512
9ef92b7f2b44067c51113aadd417b85670fc25cdd38b7059b50403207726c576a1e567864e008cbe6cbd3b1b1b41099b7e698b49aad8fe12c32c2a6a95183b5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-787.exe

Filesize
468KB

MD5
c1394575ff0898316aecfa444d49cdea

SHA1
6382bc7570ea9a01d1bb2f945c0e22921842505f

SHA256
e03aed0e322e6758a659e82a2991ce880fc3759879ac629c161f15bcb745d169

SHA512
0db4172f8c7e39e8a5b42d5527cdbbef42ccaed01e1b147ea8b19e7af88efe9732f663d27d2a8e745b23d2dec27d11c07cb741e982f1d05187caa6805b19e180

Download Submit