b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848

Analysis

max time kernel
113s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe
Size

468KB
MD5

0d54d98a59c9a712cc2bd2dd19adf864
SHA1

b38822e773062635d7346eedbfc3c70deedff577
SHA256

b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848
SHA512

47a8087fc58bb5cc3a45bf1fc048788a764715d4982eba441a00bd5ead5fea06b56717ff01de50bb44f9a30408835596db0c93021603cf444ade8d67cca6d9c0
SSDEEP

3072:mPdSogdEIc5AHbYgzfjcff8wWaHBHpnLJEHCgdSl0oYL7DoD+jfyP:mPUoE0AHLzrcffPBxh0oiHoD+Q

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2060	Unicorn-49210.exe
1644	Unicorn-11898.exe
3016	Unicorn-4285.exe
2872	Unicorn-27140.exe
2876	Unicorn-45100.exe
3036	Unicorn-60881.exe
1664	Unicorn-55903.exe
2688	Unicorn-16206.exe
436	Unicorn-44965.exe
2588	Unicorn-15822.exe
1616	Unicorn-61493.exe
576	Unicorn-37166.exe
1560	Unicorn-36901.exe
1416	Unicorn-6147.exe
1072	Unicorn-19521.exe
236	Unicorn-36455.exe
2464	Unicorn-13382.exe
3044	Unicorn-18064.exe
2408	Unicorn-13979.exe
1888	Unicorn-46631.exe
2320	Unicorn-17222.exe
1412	Unicorn-17488.exe
960	Unicorn-53674.exe
2224	Unicorn-62604.exe
1440	Unicorn-17680.exe
2976	Unicorn-57434.exe
1404	Unicorn-63564.exe
2276	Unicorn-24761.exe
2024	Unicorn-43891.exe
1332	Unicorn-55204.exe
2628	Unicorn-54227.exe
2052	Unicorn-37005.exe
2324	Unicorn-37559.exe
1724	Unicorn-62085.exe
2164	Unicorn-11030.exe
1192	Unicorn-41281.exe
2512	Unicorn-29029.exe
2816	Unicorn-19708.exe
2900	Unicorn-53288.exe
2768	Unicorn-6325.exe
2528	Unicorn-11104.exe
2920	Unicorn-44234.exe
3064	Unicorn-27898.exe
2744	Unicorn-17107.exe
268	Unicorn-44405.exe
2764	Unicorn-19346.exe
2092	Unicorn-27514.exe
2736	Unicorn-58001.exe
1904	Unicorn-24582.exe
1720	Unicorn-46242.exe
1800	Unicorn-56870.exe
1656	Unicorn-41914.exe
2108	Unicorn-18229.exe
968	Unicorn-38095.exe
1776	Unicorn-42179.exe
1708	Unicorn-42179.exe
2100	Unicorn-4653.exe
3052	Unicorn-26803.exe
824	Unicorn-26538.exe
1712	Unicorn-6937.exe
280	Unicorn-18425.exe
1840	Unicorn-21986.exe
1588	Unicorn-41852.exe
3040	Unicorn-13263.exe

Loads dropped DLL 64 IoCs

pid	Process
2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe
2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe
2060	Unicorn-49210.exe
2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe
2060	Unicorn-49210.exe
2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe
2060	Unicorn-49210.exe
1644	Unicorn-11898.exe
3016	Unicorn-4285.exe
3016	Unicorn-4285.exe
1644	Unicorn-11898.exe
2060	Unicorn-49210.exe
2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe
2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe
3036	Unicorn-60881.exe
3036	Unicorn-60881.exe
3016	Unicorn-4285.exe
3016	Unicorn-4285.exe
1664	Unicorn-55903.exe
1664	Unicorn-55903.exe
1644	Unicorn-11898.exe
1644	Unicorn-11898.exe
2876	Unicorn-45100.exe
2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe
2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe
2876	Unicorn-45100.exe
2060	Unicorn-49210.exe
2060	Unicorn-49210.exe
2872	Unicorn-27140.exe
2872	Unicorn-27140.exe
2688	Unicorn-16206.exe
2688	Unicorn-16206.exe
3036	Unicorn-60881.exe
3036	Unicorn-60881.exe
576	Unicorn-37166.exe
576	Unicorn-37166.exe
1416	Unicorn-6147.exe
1416	Unicorn-6147.exe
2876	Unicorn-45100.exe
2876	Unicorn-45100.exe
2060	Unicorn-49210.exe
2060	Unicorn-49210.exe
1560	Unicorn-36901.exe
1560	Unicorn-36901.exe
2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe
2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe
1616	Unicorn-61493.exe
1616	Unicorn-61493.exe
436	Unicorn-44965.exe
436	Unicorn-44965.exe
1644	Unicorn-11898.exe
2588	Unicorn-15822.exe
1644	Unicorn-11898.exe
2588	Unicorn-15822.exe
3016	Unicorn-4285.exe
3016	Unicorn-4285.exe
1664	Unicorn-55903.exe
1664	Unicorn-55903.exe
1072	Unicorn-19521.exe
1072	Unicorn-19521.exe
2872	Unicorn-27140.exe
2872	Unicorn-27140.exe
236	Unicorn-36455.exe
236	Unicorn-36455.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15759.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61493.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41569.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe
2060	Unicorn-49210.exe
1644	Unicorn-11898.exe
3016	Unicorn-4285.exe
2872	Unicorn-27140.exe
3036	Unicorn-60881.exe
1664	Unicorn-55903.exe
2876	Unicorn-45100.exe
2688	Unicorn-16206.exe
1616	Unicorn-61493.exe
436	Unicorn-44965.exe
1560	Unicorn-36901.exe
1416	Unicorn-6147.exe
2588	Unicorn-15822.exe
576	Unicorn-37166.exe
1072	Unicorn-19521.exe
236	Unicorn-36455.exe
2464	Unicorn-13382.exe
2408	Unicorn-13979.exe
3044	Unicorn-18064.exe
1888	Unicorn-46631.exe
2320	Unicorn-17222.exe
1412	Unicorn-17488.exe
2224	Unicorn-62604.exe
1404	Unicorn-63564.exe
960	Unicorn-53674.exe
1440	Unicorn-17680.exe
2976	Unicorn-57434.exe
2276	Unicorn-24761.exe
2024	Unicorn-43891.exe
1332	Unicorn-55204.exe
2628	Unicorn-54227.exe
2052	Unicorn-37005.exe
2324	Unicorn-37559.exe
1724	Unicorn-62085.exe
2164	Unicorn-11030.exe
1192	Unicorn-41281.exe
2512	Unicorn-29029.exe
2816	Unicorn-19708.exe
2900	Unicorn-53288.exe
2528	Unicorn-11104.exe
2920	Unicorn-44234.exe
2768	Unicorn-6325.exe
3064	Unicorn-27898.exe
2744	Unicorn-17107.exe
268	Unicorn-44405.exe
2764	Unicorn-19346.exe
2092	Unicorn-27514.exe
2736	Unicorn-58001.exe
1904	Unicorn-24582.exe
1720	Unicorn-46242.exe
1800	Unicorn-56870.exe
1708	Unicorn-42179.exe
1656	Unicorn-41914.exe
1776	Unicorn-42179.exe
2108	Unicorn-18229.exe
968	Unicorn-38095.exe
1712	Unicorn-6937.exe
3052	Unicorn-26803.exe
824	Unicorn-26538.exe
2100	Unicorn-4653.exe
1840	Unicorn-21986.exe
1588	Unicorn-41852.exe
280	Unicorn-18425.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2060	2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe	29
PID 2344 wrote to memory of 2060	2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe	29
PID 2344 wrote to memory of 2060	2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe	29
PID 2344 wrote to memory of 2060	2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe	29
PID 2060 wrote to memory of 1644	2060	Unicorn-49210.exe	30
PID 2060 wrote to memory of 1644	2060	Unicorn-49210.exe	30
PID 2060 wrote to memory of 1644	2060	Unicorn-49210.exe	30
PID 2060 wrote to memory of 1644	2060	Unicorn-49210.exe	30
PID 2344 wrote to memory of 3016	2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe	31
PID 2344 wrote to memory of 3016	2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe	31
PID 2344 wrote to memory of 3016	2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe	31
PID 2344 wrote to memory of 3016	2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe	31
PID 3016 wrote to memory of 3036	3016	Unicorn-4285.exe	34
PID 3016 wrote to memory of 3036	3016	Unicorn-4285.exe	34
PID 3016 wrote to memory of 3036	3016	Unicorn-4285.exe	34
PID 3016 wrote to memory of 3036	3016	Unicorn-4285.exe	34
PID 1644 wrote to memory of 2872	1644	Unicorn-11898.exe	32
PID 1644 wrote to memory of 2872	1644	Unicorn-11898.exe	32
PID 1644 wrote to memory of 2872	1644	Unicorn-11898.exe	32
PID 1644 wrote to memory of 2872	1644	Unicorn-11898.exe	32
PID 2060 wrote to memory of 2876	2060	Unicorn-49210.exe	33
PID 2060 wrote to memory of 2876	2060	Unicorn-49210.exe	33
PID 2060 wrote to memory of 2876	2060	Unicorn-49210.exe	33
PID 2060 wrote to memory of 2876	2060	Unicorn-49210.exe	33
PID 2344 wrote to memory of 1664	2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe	35
PID 2344 wrote to memory of 1664	2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe	35
PID 2344 wrote to memory of 1664	2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe	35
PID 2344 wrote to memory of 1664	2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe	35
PID 3036 wrote to memory of 2688	3036	Unicorn-60881.exe	36
PID 3036 wrote to memory of 2688	3036	Unicorn-60881.exe	36
PID 3036 wrote to memory of 2688	3036	Unicorn-60881.exe	36
PID 3036 wrote to memory of 2688	3036	Unicorn-60881.exe	36
PID 3016 wrote to memory of 436	3016	Unicorn-4285.exe	37
PID 3016 wrote to memory of 436	3016	Unicorn-4285.exe	37
PID 3016 wrote to memory of 436	3016	Unicorn-4285.exe	37
PID 3016 wrote to memory of 436	3016	Unicorn-4285.exe	37
PID 1664 wrote to memory of 2588	1664	Unicorn-55903.exe	38
PID 1664 wrote to memory of 2588	1664	Unicorn-55903.exe	38
PID 1664 wrote to memory of 2588	1664	Unicorn-55903.exe	38
PID 1664 wrote to memory of 2588	1664	Unicorn-55903.exe	38
PID 1644 wrote to memory of 1616	1644	Unicorn-11898.exe	39
PID 1644 wrote to memory of 1616	1644	Unicorn-11898.exe	39
PID 1644 wrote to memory of 1616	1644	Unicorn-11898.exe	39
PID 1644 wrote to memory of 1616	1644	Unicorn-11898.exe	39
PID 2344 wrote to memory of 1560	2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe	41
PID 2344 wrote to memory of 1560	2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe	41
PID 2344 wrote to memory of 1560	2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe	41
PID 2344 wrote to memory of 1560	2344	b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe	41
PID 2876 wrote to memory of 576	2876	Unicorn-45100.exe	40
PID 2876 wrote to memory of 576	2876	Unicorn-45100.exe	40
PID 2876 wrote to memory of 576	2876	Unicorn-45100.exe	40
PID 2876 wrote to memory of 576	2876	Unicorn-45100.exe	40
PID 2060 wrote to memory of 1416	2060	Unicorn-49210.exe	42
PID 2060 wrote to memory of 1416	2060	Unicorn-49210.exe	42
PID 2060 wrote to memory of 1416	2060	Unicorn-49210.exe	42
PID 2060 wrote to memory of 1416	2060	Unicorn-49210.exe	42
PID 2872 wrote to memory of 1072	2872	Unicorn-27140.exe	43
PID 2872 wrote to memory of 1072	2872	Unicorn-27140.exe	43
PID 2872 wrote to memory of 1072	2872	Unicorn-27140.exe	43
PID 2872 wrote to memory of 1072	2872	Unicorn-27140.exe	43
PID 2688 wrote to memory of 236	2688	Unicorn-16206.exe	44
PID 2688 wrote to memory of 236	2688	Unicorn-16206.exe	44
PID 2688 wrote to memory of 236	2688	Unicorn-16206.exe	44
PID 2688 wrote to memory of 236	2688	Unicorn-16206.exe	44

C:\Users\Admin\AppData\Local\Temp\b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe
"C:\Users\Admin\AppData\Local\Temp\b3a2c6c8b52584308a6b0ac17692a01a1a7ab8fbe6f3c56b113f3d814942d848.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11898.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27140.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55204.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19346.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        8⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
        9⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1627.exe
        9⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        8⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33077.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        7⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
        7⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18425.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
        7⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
        6⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51939.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3269.exe
        6⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54227.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24549.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39395.exe
        7⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
        6⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
        6⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6019.exe
        6⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
        6⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16947.exe
        5⤵
        
        PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2277.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
        5⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        5⤵
        
        PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14569.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        7⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
        7⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
        6⤵
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        6⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41963.exe
        6⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60996.exe
        6⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
        6⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6019.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        6⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
        6⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
        5⤵
        
        PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe
        5⤵
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        5⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        5⤵
        
        PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
        6⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
        7⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23432.exe
        6⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47007.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
        6⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        6⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        5⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56593.exe
        5⤵
        
        PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26538.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11422.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
      4⤵
      PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53035.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
      4⤵
      PID:4624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41510.exe
        8⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        7⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59229.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        7⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60238.exe
        7⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33412.exe
        8⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6019.exe
        7⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16494.exe
        7⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29704.exe
        6⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        6⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        6⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55274.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52427.exe
        6⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20498.exe
        6⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
        5⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58292.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        5⤵
        
        PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29029.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64872.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
        6⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40418.exe
        6⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
        6⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45007.exe
        5⤵
        
        PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        5⤵
        
        PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64872.exe
        5⤵
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
        5⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        5⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15266.exe
        5⤵
        
        PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42336.exe
      4⤵
      PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63896.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37498.exe
      4⤵
      PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46574.exe
      4⤵
      PID:4460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61170.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2739.exe
        6⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        6⤵
        
        PID:648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
        6⤵
        
        PID:544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        6⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        6⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
        5⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe
        5⤵
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16289.exe
        5⤵
        
        PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58001.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
        5⤵
        
        PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
      4⤵
      PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe
      4⤵
      PID:780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60583.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
      4⤵
      PID:4376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17222.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65146.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
      4⤵
      PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
      4⤵
      PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
      4⤵
      PID:4612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
    3⤵
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64872.exe
      4⤵
      PID:1216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28166.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36179.exe
      4⤵
      PID:4896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
    3⤵
    PID:1756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
    3⤵
    PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
    3⤵
    PID:4064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
    3⤵
    PID:4208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16206.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29594.exe
        7⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44700.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        7⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
        7⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe
        7⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43693.exe
        6⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        6⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        6⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44878.exe
        6⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37559.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        6⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
        7⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        7⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
        6⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        6⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
        6⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26095.exe
        5⤵
        
        PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        5⤵
        
        PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        5⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6243.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13382.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62085.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44611.exe
        6⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        6⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1504.exe
        5⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
        6⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52427.exe
        5⤵
        
        PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
        5⤵
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
        5⤵
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe
        5⤵
        
        PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11030.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65083.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        5⤵
        
        PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21038.exe
      4⤵
      PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24223.exe
      4⤵
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
      4⤵
      PID:4384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17680.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        6⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
        6⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
        6⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        5⤵
        
        PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42214.exe
      4⤵
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
        5⤵
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
        5⤵
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19843.exe
        5⤵
        
        PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
      4⤵
      PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
      4⤵
      PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
      4⤵
      PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
      4⤵
      PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16289.exe
      4⤵
      PID:4540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24761.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        5⤵
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48972.exe
        5⤵
        
        PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe
      4⤵
      PID:792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19754.exe
      4⤵
      PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44148.exe
      4⤵
      PID:5020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11104.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
      4⤵
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52873.exe
      4⤵
      PID:4520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55942.exe
    3⤵
    PID:1204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
    3⤵
    PID:1100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40077.exe
    3⤵
    PID:3340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10752.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
    3⤵
    PID:4468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55903.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55903.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6953.exe
        5⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6019.exe
        5⤵
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
        5⤵
        
        PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63725.exe
      4⤵
      PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23838.exe
      4⤵
      PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
      4⤵
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
      4⤵
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
      4⤵
      PID:4964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43891.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        5⤵
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6019.exe
        5⤵
        
        PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        5⤵
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        5⤵
        
        PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62246.exe
      4⤵
      PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19754.exe
      4⤵
      PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48198.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
      4⤵
      PID:4140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38853.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
        5⤵
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4107.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
        5⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
        5⤵
        
        PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23432.exe
      4⤵
      PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47007.exe
      4⤵
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        5⤵
        
        PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23517.exe
      4⤵
      PID:4132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64607.exe
    3⤵
    PID:1592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
    3⤵
    PID:1900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23011.exe
    3⤵
    PID:3344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
    3⤵
    PID:4476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56870.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26713.exe
        5⤵
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        5⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
        5⤵
        
        PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
      4⤵
      PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
      4⤵
      PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
      4⤵
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
      4⤵
      PID:4080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
      4⤵
      PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
      4⤵
      PID:4296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14222.exe
    3⤵
    PID:1828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37060.exe
    3⤵
    PID:3392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
    3⤵
    PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
    3⤵
    PID:4736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58292.exe
    3⤵
    PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
    3⤵
    PID:3820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
    3⤵
    PID:4324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
    3⤵
    PID:4228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57149.exe
    3⤵
    PID:4580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11952.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11952.exe
  2⤵
  PID:1572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26169.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26169.exe
  2⤵
  PID:3748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9000.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9000.exe
  2⤵
  PID:4636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16206.exe

Filesize
468KB

MD5
5ad8e3487da688ad02c203909183cc00

SHA1
fbbdd3d35b9c146afb6b04d5e4d5b536e98130f5

SHA256
287a26d2e839eb08270d9ea4aa15d735ec23f0e538f52d15371342ea6b49a6b4

SHA512
aac97406ffbd68071b8f539a363168750c3f076f5b52663fb0ff3a9bc36d9b1501adcf75742a8ec1c1347f089a8719ff23c39ca2661775e13d4b1fee683ef851

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40418.exe

Filesize
468KB

MD5
31bc4a816a6ba0b90688a92ab317cbf6

SHA1
7a53d10988321f7cdf35551417b23e58aedc4074

SHA256
09b276020b90ad8ae91b77f194ee0b780af7c638fcdc648fdec4893826865dc2

SHA512
4580e265a9a9f6ec6e6e4897b98ac38c9c17cad801cee36b3b6654649a5dc9fda74afae6ae192bd8dc6eafb4e00fe753cd38242b8eb39ab3dc85d88a253b9b83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe

Filesize
468KB

MD5
a7cddb8dd4a63f35bfa89086e44079fb

SHA1
fd4a8d96561db3b9b6a3aa315f8d026136ecb6d7

SHA256
f5dd67b5756df5612bdf22a7003e4a4c614c9da56d01112f1288ee17cb06531a

SHA512
72a781b0ccee3acacc2acd3261535800305a53c8df0ef98531562375cfb080b489bfcd6973a7abe38e293fa11b4f875259ea5ab0bd9ccbf9f08b0a27ab7ac501

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe

Filesize
468KB

MD5
856f4e30010cab33831bd96a09ea3794

SHA1
ee60bb065a20d0fae22956f2a7e693550e052789

SHA256
fb3709ea799f55f13a870182bb8ea0670c89c8354d8a95cdad99dff737b2d46e

SHA512
854c10b0e884b8e1571cdcbd93908310aef889f33457ec8006117b582e52bc4877f1cec2a08232392167e3d592fc3e272e518d178ffb43e399c813b8c6da8f77

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11898.exe

Filesize
468KB

MD5
4ab69497804a59f9085b5f20bf1cb13d

SHA1
cd95c83158ac31f201efeeb684bfb85bfd4341ba

SHA256
9c5a5b78a5f99895d9da343099f716cdc85cbd4c0b4c33056ce19f3504a80834

SHA512
afb97b5d93e69133c81c4a3a4553a166c846739e3e4fff686c9790ce1bb3a59f4e9207dbd02fc4a60b7ec27b6ff85382745b4fdce7233f4836e275a3f57e603e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13382.exe

Filesize
468KB

MD5
9ba7ef6960204bb6409524a54727067c

SHA1
4a658b630f4f1f1fd9f836326ffd0502ac0a1daa

SHA256
7151bdd4baf85cd234720eb300dfc5e582fe93ca3697a8a820251eb351a54114

SHA512
226210ef61649fb98b42aad576b6ee45007165e28e6418a95f24e583c52d44c4e5cff71b5ed541dc45baf69cc5dcf9152df109ec569ce86d46126f62304f3883

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe

Filesize
468KB

MD5
0506fae4b939e728fe80edbb4eaeb0b9

SHA1
c111e085f371784a6850e596d38d033a2b00fd11

SHA256
3f843d59aac1962d10563884e883ad609a04ba44f24399092a2ff0157468bd50

SHA512
4223e7bbb3320b5a4ee8b11a934d7ce11ced11fe675d6c82acd16d92ec89552a90b4760be193c73c39a091fdb139164c6fcdaf29f6fc5b187d28c77008615e58

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe

Filesize
468KB

MD5
91c289912a9874514a947159a7a2fa32

SHA1
20432f37e7bc2a71292ae4e88cfc3c6a852f4375

SHA256
8eef6845ed3fea372f8fc59a0d02edc8861c6b45a02e472be5905acc04db74de

SHA512
0aa257da437b347cebf96eac07cbb9fc5294ba2f7751d1725a76e1765d909272cdd494b3c9c43987dc174a5bb6fbd01d523a24b9dc25604ec6e6ea1306a967fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe

Filesize
468KB

MD5
957d9d15af7ed785c68627430b2acd24

SHA1
cb31fcc82050ec71daad1ecfd3b4707ea5751ba8

SHA256
81e105c0caa8b7262682fea0d562c09ccd86d686bd90fd1ef12b35756aa69e29

SHA512
186290fc8d4d68d3f59cf3d3fc5d8b8eb8fca5c788da1bd7824408b20e68aa716f011ee11376ae2437704bc1efb441a6492cc004650fa1df2288385b15a732c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27140.exe

Filesize
468KB

MD5
f02f6fe8e5ed03e6d7a61b29b3db0c90

SHA1
cf6b8a5817880703ee005242e179470b29e85cbb

SHA256
315a2ae9deae1aa0dbfd5720137802f139d779bb546458c50b1af99691d15581

SHA512
7e7f0064c0cc59c69508248664e320fae71870b4509e46d9f5b2ca3f44e5f9e935a31a28a02cb9de02dd5982356ee6d03320c7e5f2ecad25a4ac4dbb4b9aed79

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe

Filesize
468KB

MD5
6ccb3e9f47842c2a4fb6e11e54b60111

SHA1
797cbf38386afbbf7978f67ed21c2a967db44f4b

SHA256
61d9101f7945a0e81ded766091978e6f4187ef39d52433c0b3c112ec0bdf873e

SHA512
b121f6953998f6443f2014feea61c0125087d3a21c046775a9414b148049a36dc46422e2cb7c7b58f97c0c804fc5d334ddf75a80361da30c48c07292bf71da8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe

Filesize
468KB

MD5
9a46fc0bd8d4b4e6d4da8be825ebdbdc

SHA1
bc2c2ffb2715d959a9ba6940680df5852ebcb6fe

SHA256
d3fda1de1bdcccb7d838b09c5bb3f09e289a7be4fe98eb3518bdada158999c0a

SHA512
43953329832dd36becec492fe151c3ba4e1c4ee4cc28426d1b1c38e6547c9fdfeb1be72ab604b43f456ed992a5d6bd195af2be1a6a40ba2e111dbae249064e52

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe

Filesize
468KB

MD5
cecd82aedcdc03836f9960a416c89fc3

SHA1
34f46082f19755de777c1b4961e163edfc332346

SHA256
e9ea521a8804f0b46d47505fb59ebc6aa3a3afdd029617e2572e158337cae0b5

SHA512
2b1c3083a17225c043a7b1ca139271aa22c3708dc3e65153a8ed7ed43943c2839323d49a5284f4db4cdf86c21eaba046a10bde1a2df055561b3e429615d1b940

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe

Filesize
468KB

MD5
8aa77e2aa0e08645bd2aaf0df7ea0ba6

SHA1
a2cee1d090c5708d8f6634088170af6b1fdafb2b

SHA256
b5881b8d82763d18912ac13dbc4f5d7039ed49c674dc26cb048759166c3d7d74

SHA512
23e20f73753f19ca5099862f5b2cd2d3d5f045b38579d8cb7da9c5356dd26be3e52358f43405d08c637a8be8847d00ce0d1228b7b41ab1e51aa7597510f5759a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe

Filesize
468KB

MD5
08d0f2653bc36a43ddf34068ba789f2e

SHA1
c78ea30a3325d886a108ab7a32bd9498ec3a24a4

SHA256
aba408c255bb2f8f74bc5ddf35adcf0af5f69ec175230079fa2151ea118a7bd9

SHA512
e7638aaad98d6589d504bb6212c377659e49072aaeb1406fb612d94728ba6bafcba92b59d5fba3bf43bcae7245e4702127c0e6044c108fb2e5586268f62809fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe

Filesize
468KB

MD5
41aa25a7036e085bec452aa556e37309

SHA1
5f249eb4194f6e568dd21a7a62bc24c4d1d1a926

SHA256
66736607c72fd5843936c2eab6add4bbd20cd9610ff620eee9791442595b3fc4

SHA512
e1d6c19d8134c25de89cadbef534872011f41e03f1eda80406982e6f1caebda40545d7460be6260afed1d1d494def043eae29a86c66b2407b035b710743c3f8b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55903.exe

Filesize
468KB

MD5
3c8d7559f2dfd479e939d7bb37b103de

SHA1
6a7ae9c901c6b501ac8d598267765f6780fa3121

SHA256
bbf761c5d181ca3e71aeb02a9ffe24d400118560f8bf1c3da2ebd7774305e8d3

SHA512
714226354032c818f24f3b91197dee93382b7b86c34b9569788b8d69e3987ace06177c807df1254b71f752157b51628d6ae84122ef0a5e7752b425d57149524e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe

Filesize
468KB

MD5
aa779e14846d0e2318813b7376f0ced6

SHA1
a008fdef74f56434740eba60755ddafd4cc2cfa7

SHA256
88d4a1c3a1fbfb5a5bded0088b953bb3c7125ba78a6556c7a08fb7165cff180a

SHA512
2aba62da16372ead6dc206eee5f6e4d99c7e46ac85d71a597bf39fede18d9d037e522878c50ac9dc659c307c8edd3b2467d59448a3bfc9cd8e21fb1e61518320

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe

Filesize
468KB

MD5
eede35aa8d2076674b057ee12035b5ee

SHA1
160546760b339a7fa2f9c5a91f1d7e35eab120cc

SHA256
25edd4ce3a1db66c1b8057891698caabc7cfb397d0c73320686b9d3c031684b4

SHA512
c881ad00794601126cc1a39788076879cffc3457d4827f9cc6b07ca1e6ff82431c8ba584d3f1d428bdf871884a7f48d9e638c4bbfa920cbeed37cf8a5a450580

Download Submit