582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08

Analysis

max time kernel
114s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe
Size

468KB
MD5

66775f6d3e34c975fea516830b7c9836
SHA1

044853334b7ffd1ba284d8060f71adff63a7c898
SHA256

582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08
SHA512

3471ed74b2cfc5d3df0355764bf854cc6f8413455715b16c2d9b3412fc73362e25bcf62d14c1ae191c222afe71c8600d71e4d6f602723664c277e4e258b91951
SSDEEP

3072:4belouxaIU57tbYZPznfmbfD/n2DnWIHihmyeQVDJf440kiIuxClQR:4b4oEc7tCPjfmbftatGf4x7Iuxz

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1228	Unicorn-44025.exe
3036	Unicorn-11710.exe
3024	Unicorn-20433.exe
2296	Unicorn-56976.exe
2828	Unicorn-63106.exe
3064	Unicorn-34518.exe
2884	Unicorn-47517.exe
320	Unicorn-6936.exe
1540	Unicorn-51487.exe
1164	Unicorn-47668.exe
2512	Unicorn-32078.exe
2236	Unicorn-51944.exe
1708	Unicorn-32078.exe
2432	Unicorn-54174.exe
2956	Unicorn-47860.exe
1312	Unicorn-49095.exe
2592	Unicorn-54118.exe
1424	Unicorn-61731.exe
2080	Unicorn-16807.exe
2388	Unicorn-40988.exe
1972	Unicorn-22051.exe
2300	Unicorn-49671.exe
1776	Unicorn-51150.exe
1056	Unicorn-4409.exe
2404	Unicorn-20367.exe
1620	Unicorn-29298.exe
1564	Unicorn-5348.exe
832	Unicorn-49142.exe
2448	Unicorn-61129.exe
2060	Unicorn-38928.exe
2576	Unicorn-46402.exe
1936	Unicorn-13708.exe
1048	Unicorn-50761.exe
1600	Unicorn-55784.exe
2004	Unicorn-51124.exe
3028	Unicorn-9728.exe
2556	Unicorn-54851.exe
2776	Unicorn-59697.exe
1744	Unicorn-55540.exe
2936	Unicorn-55805.exe
2800	Unicorn-57267.exe
2844	Unicorn-63397.exe
1892	Unicorn-8970.exe
1784	Unicorn-58628.exe
1732	Unicorn-10942.exe
2328	Unicorn-26724.exe
2856	Unicorn-55867.exe
1124	Unicorn-55867.exe
2240	Unicorn-10195.exe
1136	Unicorn-10195.exe
1904	Unicorn-10195.exe
1548	Unicorn-10195.exe
2232	Unicorn-18362.exe
580	Unicorn-37890.exe
2020	Unicorn-7263.exe
2312	Unicorn-45674.exe
2632	Unicorn-2603.exe
2360	Unicorn-27191.exe
2084	Unicorn-27191.exe
2608	Unicorn-21060.exe
2568	Unicorn-53174.exe
456	Unicorn-53174.exe
584	Unicorn-51341.exe
2708	Unicorn-24498.exe

Loads dropped DLL 64 IoCs

pid	Process
2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe
2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe
1228	Unicorn-44025.exe
1228	Unicorn-44025.exe
2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe
2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe
3024	Unicorn-20433.exe
2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe
2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe
3036	Unicorn-11710.exe
3036	Unicorn-11710.exe
3024	Unicorn-20433.exe
1228	Unicorn-44025.exe
1228	Unicorn-44025.exe
2296	Unicorn-56976.exe
2296	Unicorn-56976.exe
2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe
2828	Unicorn-63106.exe
2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe
2828	Unicorn-63106.exe
3036	Unicorn-11710.exe
3024	Unicorn-20433.exe
3024	Unicorn-20433.exe
3064	Unicorn-34518.exe
2884	Unicorn-47517.exe
3064	Unicorn-34518.exe
1228	Unicorn-44025.exe
3036	Unicorn-11710.exe
1228	Unicorn-44025.exe
2884	Unicorn-47517.exe
320	Unicorn-6936.exe
320	Unicorn-6936.exe
2296	Unicorn-56976.exe
2296	Unicorn-56976.exe
2236	Unicorn-51944.exe
2236	Unicorn-51944.exe
3064	Unicorn-34518.exe
2512	Unicorn-32078.exe
3064	Unicorn-34518.exe
2512	Unicorn-32078.exe
2956	Unicorn-47860.exe
3024	Unicorn-20433.exe
3024	Unicorn-20433.exe
2956	Unicorn-47860.exe
2884	Unicorn-47517.exe
2884	Unicorn-47517.exe
1540	Unicorn-51487.exe
1540	Unicorn-51487.exe
2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe
2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe
2432	Unicorn-54174.exe
2432	Unicorn-54174.exe
2828	Unicorn-63106.exe
2828	Unicorn-63106.exe
1708	Unicorn-32078.exe
1708	Unicorn-32078.exe
1228	Unicorn-44025.exe
1228	Unicorn-44025.exe
3036	Unicorn-11710.exe
3036	Unicorn-11710.exe
1312	Unicorn-49095.exe
1312	Unicorn-49095.exe
320	Unicorn-6936.exe
320	Unicorn-6936.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52752.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe
1228	Unicorn-44025.exe
3024	Unicorn-20433.exe
3036	Unicorn-11710.exe
2296	Unicorn-56976.exe
2828	Unicorn-63106.exe
3064	Unicorn-34518.exe
2884	Unicorn-47517.exe
320	Unicorn-6936.exe
1540	Unicorn-51487.exe
2956	Unicorn-47860.exe
2432	Unicorn-54174.exe
2512	Unicorn-32078.exe
1164	Unicorn-47668.exe
1708	Unicorn-32078.exe
2236	Unicorn-51944.exe
1312	Unicorn-49095.exe
2592	Unicorn-54118.exe
1424	Unicorn-61731.exe
1776	Unicorn-51150.exe
1056	Unicorn-4409.exe
1972	Unicorn-22051.exe
2080	Unicorn-16807.exe
2388	Unicorn-40988.exe
2448	Unicorn-61129.exe
2300	Unicorn-49671.exe
832	Unicorn-49142.exe
1620	Unicorn-29298.exe
2404	Unicorn-20367.exe
1564	Unicorn-5348.exe
2060	Unicorn-38928.exe
2576	Unicorn-46402.exe
1936	Unicorn-13708.exe
1048	Unicorn-50761.exe
1600	Unicorn-55784.exe
2004	Unicorn-51124.exe
3028	Unicorn-9728.exe
2556	Unicorn-54851.exe
2776	Unicorn-59697.exe
1744	Unicorn-55540.exe
2936	Unicorn-55805.exe
1784	Unicorn-58628.exe
2844	Unicorn-63397.exe
2800	Unicorn-57267.exe
1892	Unicorn-8970.exe
2328	Unicorn-26724.exe
1732	Unicorn-10942.exe
1124	Unicorn-55867.exe
2240	Unicorn-10195.exe
1904	Unicorn-10195.exe
2856	Unicorn-55867.exe
1136	Unicorn-10195.exe
1548	Unicorn-10195.exe
2232	Unicorn-18362.exe
580	Unicorn-37890.exe
2312	Unicorn-45674.exe
2020	Unicorn-7263.exe
2632	Unicorn-2603.exe
2084	Unicorn-27191.exe
2360	Unicorn-27191.exe
2608	Unicorn-21060.exe
456	Unicorn-53174.exe
584	Unicorn-51341.exe
2708	Unicorn-24498.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 1228	2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe	30
PID 2380 wrote to memory of 1228	2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe	30
PID 2380 wrote to memory of 1228	2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe	30
PID 2380 wrote to memory of 1228	2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe	30
PID 1228 wrote to memory of 3036	1228	Unicorn-44025.exe	31
PID 1228 wrote to memory of 3036	1228	Unicorn-44025.exe	31
PID 1228 wrote to memory of 3036	1228	Unicorn-44025.exe	31
PID 1228 wrote to memory of 3036	1228	Unicorn-44025.exe	31
PID 2380 wrote to memory of 3024	2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe	32
PID 2380 wrote to memory of 3024	2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe	32
PID 2380 wrote to memory of 3024	2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe	32
PID 2380 wrote to memory of 3024	2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe	32
PID 2380 wrote to memory of 2296	2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe	34
PID 2380 wrote to memory of 2296	2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe	34
PID 2380 wrote to memory of 2296	2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe	34
PID 2380 wrote to memory of 2296	2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe	34
PID 3036 wrote to memory of 2828	3036	Unicorn-11710.exe	35
PID 3036 wrote to memory of 2828	3036	Unicorn-11710.exe	35
PID 3036 wrote to memory of 2828	3036	Unicorn-11710.exe	35
PID 3036 wrote to memory of 2828	3036	Unicorn-11710.exe	35
PID 3024 wrote to memory of 3064	3024	Unicorn-20433.exe	33
PID 3024 wrote to memory of 3064	3024	Unicorn-20433.exe	33
PID 3024 wrote to memory of 3064	3024	Unicorn-20433.exe	33
PID 3024 wrote to memory of 3064	3024	Unicorn-20433.exe	33
PID 1228 wrote to memory of 2884	1228	Unicorn-44025.exe	36
PID 1228 wrote to memory of 2884	1228	Unicorn-44025.exe	36
PID 1228 wrote to memory of 2884	1228	Unicorn-44025.exe	36
PID 1228 wrote to memory of 2884	1228	Unicorn-44025.exe	36
PID 2296 wrote to memory of 320	2296	Unicorn-56976.exe	37
PID 2296 wrote to memory of 320	2296	Unicorn-56976.exe	37
PID 2296 wrote to memory of 320	2296	Unicorn-56976.exe	37
PID 2296 wrote to memory of 320	2296	Unicorn-56976.exe	37
PID 2380 wrote to memory of 1540	2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe	38
PID 2380 wrote to memory of 1540	2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe	38
PID 2380 wrote to memory of 1540	2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe	38
PID 2380 wrote to memory of 1540	2380	582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe	38
PID 2828 wrote to memory of 1164	2828	Unicorn-63106.exe	39
PID 2828 wrote to memory of 1164	2828	Unicorn-63106.exe	39
PID 2828 wrote to memory of 1164	2828	Unicorn-63106.exe	39
PID 2828 wrote to memory of 1164	2828	Unicorn-63106.exe	39
PID 3024 wrote to memory of 2512	3024	Unicorn-20433.exe	41
PID 3024 wrote to memory of 2512	3024	Unicorn-20433.exe	41
PID 3024 wrote to memory of 2512	3024	Unicorn-20433.exe	41
PID 3024 wrote to memory of 2512	3024	Unicorn-20433.exe	41
PID 3064 wrote to memory of 2236	3064	Unicorn-34518.exe	42
PID 3064 wrote to memory of 2236	3064	Unicorn-34518.exe	42
PID 3064 wrote to memory of 2236	3064	Unicorn-34518.exe	42
PID 3064 wrote to memory of 2236	3064	Unicorn-34518.exe	42
PID 3036 wrote to memory of 1708	3036	Unicorn-11710.exe	40
PID 3036 wrote to memory of 1708	3036	Unicorn-11710.exe	40
PID 3036 wrote to memory of 1708	3036	Unicorn-11710.exe	40
PID 3036 wrote to memory of 1708	3036	Unicorn-11710.exe	40
PID 1228 wrote to memory of 2432	1228	Unicorn-44025.exe	44
PID 1228 wrote to memory of 2432	1228	Unicorn-44025.exe	44
PID 1228 wrote to memory of 2432	1228	Unicorn-44025.exe	44
PID 1228 wrote to memory of 2432	1228	Unicorn-44025.exe	44
PID 2884 wrote to memory of 2956	2884	Unicorn-47517.exe	43
PID 2884 wrote to memory of 2956	2884	Unicorn-47517.exe	43
PID 2884 wrote to memory of 2956	2884	Unicorn-47517.exe	43
PID 2884 wrote to memory of 2956	2884	Unicorn-47517.exe	43
PID 320 wrote to memory of 1312	320	Unicorn-6936.exe	45
PID 320 wrote to memory of 1312	320	Unicorn-6936.exe	45
PID 320 wrote to memory of 1312	320	Unicorn-6936.exe	45
PID 320 wrote to memory of 1312	320	Unicorn-6936.exe	45

C:\Users\Admin\AppData\Local\Temp\582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe
"C:\Users\Admin\AppData\Local\Temp\582e0bdb2e29741b749f32c11c0994c8d28545e0af6abb0c8e6ce5f6690baa08.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58050.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16275.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36193.exe
        7⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
        6⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
        6⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        6⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        6⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1887.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        7⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
        7⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        7⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
        6⤵
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe
        6⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe
        6⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3016.exe
        6⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21060.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        6⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
        6⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
        6⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14315.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60382.exe
        5⤵
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56546.exe
        5⤵
        
        PID:432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37727.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56869.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24420.exe
        5⤵
        
        PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60977.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13857.exe
        7⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54495.exe
        7⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1433.exe
        6⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        6⤵
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        6⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
        5⤵
        
        PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        5⤵
        
        PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59697.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        6⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45227.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14315.exe
        6⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        5⤵
        
        PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        5⤵
        
        PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        5⤵
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
        5⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60397.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55917.exe
        5⤵
        
        PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
      4⤵
      PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
      4⤵
      PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54793.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
      4⤵
      PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        7⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36399.exe
        7⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        7⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27294.exe
        6⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
        6⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
        6⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
        5⤵
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33441.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64284.exe
        6⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28300.exe
        5⤵
        
        PID:360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        5⤵
        
        PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51150.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
        5⤵
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        6⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
        6⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        6⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        5⤵
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        5⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        5⤵
        
        PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
      4⤵
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
        5⤵
        
        PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1433.exe
      4⤵
      PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14138.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
      4⤵
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15613.exe
      4⤵
      PID:4836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32760.exe
        6⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35876.exe
        6⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        6⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        6⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58962.exe
        5⤵
        
        PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        5⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        5⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        5⤵
        
        PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47007.exe
        5⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
      4⤵
      PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
      4⤵
      PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
      4⤵
      PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
      4⤵
      PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
      4⤵
      PID:4140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61129.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18764.exe
        5⤵
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22973.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        5⤵
        
        PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
      4⤵
      PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54219.exe
      4⤵
      PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58185.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
      4⤵
      PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
      4⤵
      PID:4776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54851.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
      4⤵
      PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36193.exe
      4⤵
      PID:4504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35181.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48524.exe
    3⤵
    PID:2316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33262.exe
    3⤵
    PID:3696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17751.exe
    3⤵
    PID:3356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23285.exe
    3⤵
    PID:4164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63197.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7412.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17211.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60197.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38808.exe
        7⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        7⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
        7⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53174.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37077.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14173.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24774.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        7⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
        6⤵
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4993.exe
        6⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
        6⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        6⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        6⤵
        
        PID:608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        6⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
        6⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25425.exe
        6⤵
        
        PID:336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe
        6⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
        5⤵
        
        PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
        5⤵
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        5⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        5⤵
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        5⤵
        
        PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24498.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56541.exe
        6⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        5⤵
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44053.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
        5⤵
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        5⤵
        
        PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        5⤵
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        5⤵
        
        PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13533.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22631.exe
      4⤵
      PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21762.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
      4⤵
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19085.exe
      4⤵
      PID:4536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
        6⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
        6⤵
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        6⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        5⤵
        
        PID:524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        5⤵
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        5⤵
        
        PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
      4⤵
      PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61865.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59427.exe
      4⤵
      PID:4584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22051.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59139.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        5⤵
        
        PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
      4⤵
      PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39803.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
      4⤵
      PID:3912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
      4⤵
      PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
      4⤵
      PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
      4⤵
      PID:4852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40010.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
    3⤵
    PID:3904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
    3⤵
    PID:4820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        7⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
        6⤵
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7112.exe
        6⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64085.exe
        6⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53174.exe
        5⤵
        Executes dropped EXE
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        5⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2316.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42471.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61433.exe
        6⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5242.exe
        5⤵
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54979.exe
        5⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64814.exe
        5⤵
        
        PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13708.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57967.exe
        6⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36193.exe
        6⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61861.exe
        5⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
        5⤵
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28885.exe
        5⤵
        
        PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
        5⤵
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe
        5⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe
        5⤵
        
        PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
      4⤵
      PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
      4⤵
      PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
      4⤵
      PID:4692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55805.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15120.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        5⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56963.exe
        5⤵
        
        PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
      4⤵
      PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
      4⤵
      PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
      4⤵
      PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
      4⤵
      PID:4768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57267.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49936.exe
      4⤵
      PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
      4⤵
      PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3503.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
      4⤵
      PID:4184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17958.exe
    3⤵
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
      4⤵
      PID:4468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15191.exe
    3⤵
    PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
    3⤵
    PID:3152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34508.exe
    3⤵
    PID:3544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
    3⤵
    PID:3452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51487.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51487.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
        5⤵
        
        PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
        5⤵
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48221.exe
        5⤵
        
        PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37164.exe
      4⤵
      PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
      4⤵
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
      4⤵
      PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
      4⤵
      PID:3908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1698.exe
      4⤵
      PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9912.exe
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
    3⤵
    PID:1252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
    3⤵
    PID:1472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
    3⤵
    PID:3992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
    3⤵
    PID:4100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
    3⤵
    PID:4124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26756.exe
      4⤵
      PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45484.exe
      4⤵
      PID:4224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
    3⤵
    PID:2108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
    3⤵
    PID:2772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
    3⤵
    PID:3844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
    3⤵
    PID:4332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
    3⤵
    PID:4720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
    3⤵
    PID:1724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25425.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
  2⤵
  PID:952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
  2⤵
  PID:1944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
  2⤵
  PID:3704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
  2⤵
  PID:3612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61086.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61086.exe
  2⤵
  PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe

Filesize
468KB

MD5
899df19c0307bd1b86678dcea6bc15aa

SHA1
424b6dd2fe52ec484bb0472857fb2127d1402251

SHA256
f8cb38954f8cf4c24b6536ada66256f438835d8943deef59095f501f4d8dcd5b

SHA512
5c9a5b60eb9d868fb0ddbfcd78d85fcaf845fe246cd564e5e5e9c23dd2c39561371f6be4b2a58086ece586a5d28fdcb6eb37edf4acf5057beb8da1f7f2e2b102

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe

Filesize
468KB

MD5
0278ed2a18ff22a61aaa955b74cfbf8a

SHA1
ab9049e9c9547407cf7f443f0e954dd6451191ae

SHA256
317e19aa67f5f48b0db2ea4d3f3e6a296778d46bc6b622acd1f92c505ee9825f

SHA512
6acf0942f15a9a71d557a6872658b3476c41399ec77805af73d584fe2d02762cc6480a03855ad9d4b20c95833003cdafccb275bc3886eba122623768fcf44f26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe

Filesize
468KB

MD5
41eb5c1154ddf28d29ae32e339cda178

SHA1
841deade1c9255627b3645fc1087c0e82a10efab

SHA256
43069a4fdee8660ee8385ae06e6c4481c020cf5d1f80f4668b13fbb007884ead

SHA512
90c47516b2172429aec28f2b919392c3ba71d57c61846a81125cd12bc2c9c6c0686963ed61d975812a49bdcdae89b1f1183813f92d319ef06085086db92ddc53

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe

Filesize
468KB

MD5
883ddcbaa05abc124132a4dd80f9e7d5

SHA1
efeb0823386674a6a212e032972f0a521d443d92

SHA256
9cd17bdd09b3d9013c88edbc1b32572071bd83bd75ada7de74b0623a63c98aee

SHA512
6cded373009231b0af6f549b4db453937936bbca8e33ae2f992824cb518937f4796c79780d37550a09d9158197086d82f66c1309689138a49fd613a698033b73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe

Filesize
468KB

MD5
d80e43e8a7cb9adb54e540758137b6b7

SHA1
3af85f32935169d357bfd54d64808f79dace658b

SHA256
66a5ffa085c97306959c5575becb27256472982da9f5a421b0891b72a1a3bcf1

SHA512
4ef9b1c96d85fd81cdafc1f1902086a2193a725b3c795e9706b1b295412885989cd0019e01579dd48ba36157a9f5955807b6913c506be635dfeaef5f6b8672d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe

Filesize
468KB

MD5
adc57b58a231418c185098c60f926831

SHA1
bb124537bffdbf2a0a7ba074563cbf0cb4f7983a

SHA256
c97197ed8bb90a9bc6729fa1d49148421372eac67be9e6eebf626c62ef331304

SHA512
5fb4f21ecb0712ce2a155a1488cb3b094eed0c04d08e218d629f49e3f58525ba57e431dc7ac630f716a0cf656536ed5a7ad927ea075290cfc83e726f5d1a46b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe

Filesize
468KB

MD5
b4f3f81a1ea9e6d9a47eb7a62557a667

SHA1
d83ac31a5ffcbc527a251c8ac54368f19311a949

SHA256
346d124ebab19f5eff65bf3993433c602cf4ec43155f7db18f8cf2bdd42fc910

SHA512
61aaad14b3abf677b9b93705eb4ef0b54a04cc40c604ccc6305328c5a58fad21771babf1ee46c2657adc14e2bb3c089ed677bb0716cb603ae65deee8b7afce82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe

Filesize
468KB

MD5
9d23095da73170f2c695f87f8b6135d4

SHA1
1a6ba12417a15cebabf42609a39fbacac4f01b7b

SHA256
79d1440eb2afa5e352c9183b6d6976a7e8f7f969e9facf659414832851516ad2

SHA512
61642ca9e2ea59a775833e94224ba075be689eae7a2d9a040c0f0780137d895362b7882441c9bfe3643355aa092d48bd84e0f3e3211d0dce389124c129b5fda0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe

Filesize
468KB

MD5
5a99d223daf17a1fc672d2198adbc12f

SHA1
3bc14b6b92943686ced63e504008698fb17c7a66

SHA256
45ab81878c0a1560e82979cdbab88c6c1f908d2d326fda62bd1a96c7591a6086

SHA512
ad96b8cd5c1eba10d8bca6a7180cb1f2c37aa7ce0504c1833d0b14a234c6f158b363c2ffbf5297cdfced5ee80dbb5514c823b7702898ec37815a978f8fe630af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe

Filesize
468KB

MD5
7381707b079fbe56ba7798ca0dfe7bf2

SHA1
f29184b1f74283655251212f240b8820a3b96e08

SHA256
2aac9e9c9324002b4ce476bacb3abab1aa3adb02c7c2ba05a4bdf9c40f59bdef

SHA512
5867ac06cada4f9a571d9cd28187ed5cb7d8e8fe596aeef3bdc1aeace9748e2d168b2b4b09d3e4939e569a78b194b177e298574c2b8e88d92d8ef0eec0a1cc4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe

Filesize
468KB

MD5
0f1f183a001263252fe204565a599c3a

SHA1
8288bb394aeeccedd8d4061497ebe367a855abf9

SHA256
06ba5b15d2ed8b38a3c8b4c4c0f931fdb95ff8a3de3d0fa1ffdc120473955e72

SHA512
060ea70f3b4dfaed1bfca85a23e30c7083b14337e78ece72794a35052b52b8c56769db5add65f16e7583d2ba6819a84bfa1cc2b11c67ba425ca548c7c68a9504

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51487.exe

Filesize
468KB

MD5
7d3c08e5085236221e078dd2913eeaa4

SHA1
8dc1147de61d212f4f48730df76d41a9fbcba733

SHA256
2d4e27a2f0c7eac339415b2b23fabc850b9498edd05e6251752ac65e5c33c4e3

SHA512
9c9c62d509d0abedd435f6c66571ce3020701c8beb666875b6c8a30a17ebb44948620cfec2e331f0c57bea55705c0737848e53396503818645dd9fe860e4e5a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe

Filesize
468KB

MD5
c65cb2122e31012f5750bd30f6314159

SHA1
17bab7e3df36339e4d52bb40266cb218fbe7bbb8

SHA256
16c21c691858db241fc1f0686442239e53db90ae7eb28600cabb4d0da58f3dee

SHA512
e98917e07a663f72a668b9b6ce56ddc8e436b473804b9c3add823a30cc79b91a132a41f59ce696ba1aff64cfe28bb2fec7701664b2167324149b8085f3e626a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe

Filesize
468KB

MD5
16f4d613cdbec0a28ffc1133839e8c88

SHA1
4afdc9c4d4178518ae130435c4b93005a25502ac

SHA256
766cf39bf2f8480cf31e948113b35cedf2297016c2692b2207632dcaa885490a

SHA512
98ef2552b69e6715af437c81a793a4559259ce6fd4455adb86bb19e55aacd8f768196a273833af8442d004e525167e4027f33b30a009b8a26ddc2ef7ad1447f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe

Filesize
468KB

MD5
18f827e62efc6d328f763d0c9df34f6b

SHA1
5de02bd062e6fcdb56e7fb5c4dbe0bf5b5a77b12

SHA256
4205e9d56d7e1e221e0c2c48a45cb4d96ab562eb02b172020d3ea8994d915cbc

SHA512
c05f89c7f478e0bf767b30ee4412cce9d17a2bd53a704a04f09e797e60ddc7912fa388cced6a584071b7e0e62e4d80af1ff12f464d7b338ea56e2c17fdb83888

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe

Filesize
468KB

MD5
a1e8f3d77171dde08b3ac2fc55050ccd

SHA1
46685ab8213c406410f6a8fe1bcf9b7d0d1e40ae

SHA256
3fdece65fd53721541c2ef35dfdf9b34e69a50b83f6a4797d90a13f595ef0dd3

SHA512
efc892650f605ee567a6088e56ff56092f02184938bc38e565535c4ef296be70a67814df0629e89fd88c68fbca2f0a55fb7ed80f10527ecc19d7b3cba2b64485

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe

Filesize
468KB

MD5
abb6f884581f0201d53e7ed55d1955ad

SHA1
b732a64418753b27504820c2d70517d6bf588ea8

SHA256
3601134e5451264b7b2c17da9d5648258fbbbe979b20b7bda67db6442e696e4a

SHA512
4a434b36eb9a8866590f94a8e6daaa7a9a1915ecb52465e114df6be8390cb52d5ddb54884d32c5f278dc280e8dbf7c321ac579441e152394bd3e8f904a9b3ac2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe

Filesize
468KB

MD5
b8f817ee513dc208e2f5813817deb4e8

SHA1
e3a5da7c5fedb1d517a55856a23fcef23772df4a

SHA256
2d9978fc20b3b8c8b3d030bd03439470d1050bc18379f27684bcd6b8bac3b490

SHA512
bec54947e1dfc535c0d22a513ecaacdc03309002ed2ef7c76f0aaa56c2eb36ecd485b82643b6f5eda5989d727610f67446b68fed2e96d74c37144068e5f9fd65

Download Submit