76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198

Analysis

max time kernel
149s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe
Size

468KB
MD5

9d2e14340d792cfa515a45d867aef896
SHA1

8968d696d86ca8da6ba5ba471680fbcb9e0d927f
SHA256

76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198
SHA512

eb91e002fa016fdb17eaddd470aa87e1828d68947a53476c7dc1234395d132801d6c737b07ecb31828cf2542c9b8fcdce079490df1c9f20c56e0b0cec6127492
SSDEEP

3072:hQvyogIKKG5QtbYAHEcOcfr/WEhzPFpsnLHeuVPSF3g1Ze+g6cla:hQaoJCQtDHBOcfbDN/F30I+g6

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2052	Unicorn-64651.exe
1632	Unicorn-63890.exe
2464	Unicorn-55265.exe
2772	Unicorn-402.exe
2660	Unicorn-6167.exe
3024	Unicorn-11642.exe
2804	Unicorn-54189.exe
2752	Unicorn-53357.exe
2212	Unicorn-16243.exe
2320	Unicorn-4191.exe
2980	Unicorn-16577.exe
2988	Unicorn-16577.exe
1016	Unicorn-36178.exe
1152	Unicorn-18270.exe
1748	Unicorn-36443.exe
1116	Unicorn-51810.exe
2620	Unicorn-43097.exe
1756	Unicorn-7015.exe
2316	Unicorn-12443.exe
2156	Unicorn-34233.exe
2112	Unicorn-3344.exe
2456	Unicorn-14611.exe
972	Unicorn-28400.exe
608	Unicorn-13325.exe
1292	Unicorn-22831.exe
2496	Unicorn-42697.exe
2040	Unicorn-30422.exe
1340	Unicorn-36553.exe
3060	Unicorn-10805.exe
1512	Unicorn-30671.exe
2304	Unicorn-18396.exe
1364	Unicorn-29506.exe
580	Unicorn-42670.exe
2276	Unicorn-58940.exe
876	Unicorn-58940.exe
2264	Unicorn-38650.exe
1056	Unicorn-40574.exe
2248	Unicorn-29719.exe
1276	Unicorn-19183.exe
2876	Unicorn-50890.exe
3036	Unicorn-4035.exe
2920	Unicorn-6583.exe
2224	Unicorn-5944.exe
2836	Unicorn-62394.exe
2680	Unicorn-42514.exe
2688	Unicorn-62082.exe
1044	Unicorn-61947.exe
1696	Unicorn-16276.exe
2952	Unicorn-55803.exe
2932	Unicorn-12679.exe
564	Unicorn-59851.exe
1096	Unicorn-14179.exe
1644	Unicorn-52571.exe
1728	Unicorn-52571.exe
2036	Unicorn-32705.exe
1020	Unicorn-21303.exe
1968	Unicorn-64426.exe
1940	Unicorn-12624.exe
2332	Unicorn-61718.exe
2108	Unicorn-41172.exe
2352	Unicorn-40907.exe
3056	Unicorn-35028.exe
764	Unicorn-34388.exe
1564	Unicorn-32932.exe

Loads dropped DLL 64 IoCs

pid	Process
2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe
2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe
2052	Unicorn-64651.exe
2052	Unicorn-64651.exe
2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe
2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe
1632	Unicorn-63890.exe
1632	Unicorn-63890.exe
2464	Unicorn-55265.exe
2464	Unicorn-55265.exe
2052	Unicorn-64651.exe
2052	Unicorn-64651.exe
2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe
2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe
2660	Unicorn-6167.exe
2660	Unicorn-6167.exe
2772	Unicorn-402.exe
2772	Unicorn-402.exe
2052	Unicorn-64651.exe
2052	Unicorn-64651.exe
2464	Unicorn-55265.exe
1632	Unicorn-63890.exe
3024	Unicorn-11642.exe
3024	Unicorn-11642.exe
1632	Unicorn-63890.exe
2464	Unicorn-55265.exe
2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe
2804	Unicorn-54189.exe
2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe
2804	Unicorn-54189.exe
2752	Unicorn-53357.exe
2320	Unicorn-4191.exe
2320	Unicorn-4191.exe
2752	Unicorn-53357.exe
2212	Unicorn-16243.exe
2212	Unicorn-16243.exe
2660	Unicorn-6167.exe
2660	Unicorn-6167.exe
2772	Unicorn-402.exe
2772	Unicorn-402.exe
2052	Unicorn-64651.exe
2052	Unicorn-64651.exe
1016	Unicorn-36178.exe
1016	Unicorn-36178.exe
1152	Unicorn-18270.exe
1152	Unicorn-18270.exe
2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe
2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe
3024	Unicorn-11642.exe
3024	Unicorn-11642.exe
2988	Unicorn-16577.exe
2988	Unicorn-16577.exe
2464	Unicorn-55265.exe
2464	Unicorn-55265.exe
1748	Unicorn-36443.exe
1748	Unicorn-36443.exe
2804	Unicorn-54189.exe
2804	Unicorn-54189.exe
2980	Unicorn-16577.exe
2980	Unicorn-16577.exe
1632	Unicorn-63890.exe
1632	Unicorn-63890.exe
2620	Unicorn-43097.exe
2752	Unicorn-53357.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8934.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe
2052	Unicorn-64651.exe
1632	Unicorn-63890.exe
2464	Unicorn-55265.exe
2772	Unicorn-402.exe
2660	Unicorn-6167.exe
2804	Unicorn-54189.exe
3024	Unicorn-11642.exe
2752	Unicorn-53357.exe
2320	Unicorn-4191.exe
2212	Unicorn-16243.exe
1016	Unicorn-36178.exe
2988	Unicorn-16577.exe
1748	Unicorn-36443.exe
2980	Unicorn-16577.exe
1152	Unicorn-18270.exe
2620	Unicorn-43097.exe
1116	Unicorn-51810.exe
2316	Unicorn-12443.exe
1756	Unicorn-7015.exe
2156	Unicorn-34233.exe
2112	Unicorn-3344.exe
608	Unicorn-13325.exe
2456	Unicorn-14611.exe
972	Unicorn-28400.exe
1292	Unicorn-22831.exe
2496	Unicorn-42697.exe
1340	Unicorn-36553.exe
2040	Unicorn-30422.exe
3060	Unicorn-10805.exe
1512	Unicorn-30671.exe
2304	Unicorn-18396.exe
1364	Unicorn-29506.exe
580	Unicorn-42670.exe
2276	Unicorn-58940.exe
876	Unicorn-58940.exe
1056	Unicorn-40574.exe
2264	Unicorn-38650.exe
2248	Unicorn-29719.exe
1276	Unicorn-19183.exe
2876	Unicorn-50890.exe
2920	Unicorn-6583.exe
3036	Unicorn-4035.exe
2224	Unicorn-5944.exe
2836	Unicorn-62394.exe
2688	Unicorn-62082.exe
1044	Unicorn-61947.exe
2680	Unicorn-42514.exe
1696	Unicorn-16276.exe
2952	Unicorn-55803.exe
2932	Unicorn-12679.exe
564	Unicorn-59851.exe
1096	Unicorn-14179.exe
1644	Unicorn-52571.exe
1728	Unicorn-52571.exe
2036	Unicorn-32705.exe
1020	Unicorn-21303.exe
1940	Unicorn-12624.exe
1968	Unicorn-64426.exe
2332	Unicorn-61718.exe
2108	Unicorn-41172.exe
3056	Unicorn-35028.exe
2352	Unicorn-40907.exe
764	Unicorn-34388.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2052	2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe	29
PID 2220 wrote to memory of 2052	2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe	29
PID 2220 wrote to memory of 2052	2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe	29
PID 2220 wrote to memory of 2052	2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe	29
PID 2052 wrote to memory of 1632	2052	Unicorn-64651.exe	30
PID 2052 wrote to memory of 1632	2052	Unicorn-64651.exe	30
PID 2052 wrote to memory of 1632	2052	Unicorn-64651.exe	30
PID 2052 wrote to memory of 1632	2052	Unicorn-64651.exe	30
PID 2220 wrote to memory of 2464	2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe	31
PID 2220 wrote to memory of 2464	2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe	31
PID 2220 wrote to memory of 2464	2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe	31
PID 2220 wrote to memory of 2464	2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe	31
PID 1632 wrote to memory of 2772	1632	Unicorn-63890.exe	32
PID 1632 wrote to memory of 2772	1632	Unicorn-63890.exe	32
PID 1632 wrote to memory of 2772	1632	Unicorn-63890.exe	32
PID 1632 wrote to memory of 2772	1632	Unicorn-63890.exe	32
PID 2464 wrote to memory of 3024	2464	Unicorn-55265.exe	33
PID 2464 wrote to memory of 3024	2464	Unicorn-55265.exe	33
PID 2464 wrote to memory of 3024	2464	Unicorn-55265.exe	33
PID 2464 wrote to memory of 3024	2464	Unicorn-55265.exe	33
PID 2052 wrote to memory of 2660	2052	Unicorn-64651.exe	34
PID 2052 wrote to memory of 2660	2052	Unicorn-64651.exe	34
PID 2052 wrote to memory of 2660	2052	Unicorn-64651.exe	34
PID 2052 wrote to memory of 2660	2052	Unicorn-64651.exe	34
PID 2220 wrote to memory of 2804	2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe	35
PID 2220 wrote to memory of 2804	2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe	35
PID 2220 wrote to memory of 2804	2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe	35
PID 2220 wrote to memory of 2804	2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe	35
PID 2660 wrote to memory of 2752	2660	Unicorn-6167.exe	36
PID 2660 wrote to memory of 2752	2660	Unicorn-6167.exe	36
PID 2660 wrote to memory of 2752	2660	Unicorn-6167.exe	36
PID 2660 wrote to memory of 2752	2660	Unicorn-6167.exe	36
PID 2772 wrote to memory of 2212	2772	Unicorn-402.exe	37
PID 2772 wrote to memory of 2212	2772	Unicorn-402.exe	37
PID 2772 wrote to memory of 2212	2772	Unicorn-402.exe	37
PID 2772 wrote to memory of 2212	2772	Unicorn-402.exe	37
PID 2052 wrote to memory of 2320	2052	Unicorn-64651.exe	38
PID 2052 wrote to memory of 2320	2052	Unicorn-64651.exe	38
PID 2052 wrote to memory of 2320	2052	Unicorn-64651.exe	38
PID 2052 wrote to memory of 2320	2052	Unicorn-64651.exe	38
PID 1632 wrote to memory of 2980	1632	Unicorn-63890.exe	40
PID 1632 wrote to memory of 2980	1632	Unicorn-63890.exe	40
PID 1632 wrote to memory of 2980	1632	Unicorn-63890.exe	40
PID 1632 wrote to memory of 2980	1632	Unicorn-63890.exe	40
PID 3024 wrote to memory of 1152	3024	Unicorn-11642.exe	41
PID 3024 wrote to memory of 1152	3024	Unicorn-11642.exe	41
PID 3024 wrote to memory of 1152	3024	Unicorn-11642.exe	41
PID 3024 wrote to memory of 1152	3024	Unicorn-11642.exe	41
PID 2464 wrote to memory of 2988	2464	Unicorn-55265.exe	39
PID 2464 wrote to memory of 2988	2464	Unicorn-55265.exe	39
PID 2464 wrote to memory of 2988	2464	Unicorn-55265.exe	39
PID 2464 wrote to memory of 2988	2464	Unicorn-55265.exe	39
PID 2220 wrote to memory of 1016	2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe	42
PID 2220 wrote to memory of 1016	2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe	42
PID 2220 wrote to memory of 1016	2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe	42
PID 2220 wrote to memory of 1016	2220	76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe	42
PID 2804 wrote to memory of 1748	2804	Unicorn-54189.exe	43
PID 2804 wrote to memory of 1748	2804	Unicorn-54189.exe	43
PID 2804 wrote to memory of 1748	2804	Unicorn-54189.exe	43
PID 2804 wrote to memory of 1748	2804	Unicorn-54189.exe	43
PID 2320 wrote to memory of 1116	2320	Unicorn-4191.exe	45
PID 2320 wrote to memory of 1116	2320	Unicorn-4191.exe	45
PID 2320 wrote to memory of 1116	2320	Unicorn-4191.exe	45
PID 2320 wrote to memory of 1116	2320	Unicorn-4191.exe	45

C:\Users\Admin\AppData\Local\Temp\76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe
"C:\Users\Admin\AppData\Local\Temp\76de684d713eb4cbba7ec67af4586ca0d14f493ec1da8095f276dbbaaf0db198.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64651.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64651.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63890.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-402.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16243.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32932.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        9⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11495.exe
        9⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3936.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        8⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
        8⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        8⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        7⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22015.exe
        7⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
        7⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40574.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22959.exe
        7⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56559.exe
        6⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe
        6⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        6⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33347.exe
        6⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34233.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38650.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe
        7⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe
        7⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        7⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52997.exe
        6⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61349.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        7⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        7⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        7⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
        6⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        6⤵
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
        6⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36670.exe
        6⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19183.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41172.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        7⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        7⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        6⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        6⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        6⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
        6⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        6⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40907.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17243.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41482.exe
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
        6⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
        5⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65423.exe
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        5⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59908.exe
        5⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
        7⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        7⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41116.exe
        7⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
        7⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
        7⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32503.exe
        7⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        7⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56559.exe
        6⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11085.exe
        6⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
        6⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        6⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
        6⤵
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21739.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        6⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        6⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        5⤵
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        5⤵
        
        PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22638.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
        5⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        5⤵
        
        PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18396.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
        5⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4371.exe
        6⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
        6⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
        6⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41482.exe
        6⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
        6⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61740.exe
        5⤵
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29896.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29620.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
        5⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
        5⤵
        
        PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
      4⤵
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11173.exe
        5⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27966.exe
        5⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
        5⤵
        
        PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
      4⤵
      PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
      4⤵
      PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49658.exe
      4⤵
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
      4⤵
      PID:6076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6167.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29289.exe
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
        8⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
        8⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12520.exe
        8⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        8⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19327.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        7⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        7⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
        6⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
        6⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28040.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exe
        6⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42670.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        6⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
        6⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
        6⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        6⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
        5⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe
        5⤵
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        5⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
        5⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        5⤵
        
        PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        6⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1273.exe
        7⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36024.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
        7⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        6⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        6⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        6⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        5⤵
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        5⤵
        
        PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
        5⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe
        5⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8631.exe
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        5⤵
        
        PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
      4⤵
      PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
      4⤵
      PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
      4⤵
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26926.exe
      4⤵
      PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
      4⤵
      PID:5172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        6⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        6⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        6⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        5⤵
        
        PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        5⤵
        
        PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54039.exe
        5⤵
        
        PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
      4⤵
      PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
      4⤵
      PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
      4⤵
      PID:576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
      4⤵
      PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10583.exe
      4⤵
      PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20834.exe
      4⤵
      PID:6020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        5⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23268.exe
        5⤵
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        5⤵
        
        PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
      4⤵
      PID:384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
      4⤵
      PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
      4⤵
      PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
      4⤵
      PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
      4⤵
      PID:5532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
        5⤵
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54429.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        5⤵
        
        PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
      4⤵
      PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
      4⤵
      PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
      4⤵
      PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
      4⤵
      PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
      4⤵
      PID:5124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24196.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
      4⤵
      PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
      4⤵
      PID:5252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
    3⤵
    PID:336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
    3⤵
    PID:3276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42386.exe
    3⤵
    PID:3136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
    3⤵
    PID:4440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
    3⤵
    PID:5592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55265.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55265.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18270.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42196.exe
        7⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        7⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        7⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
        7⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe
        6⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        6⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        6⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        6⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32705.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
        5⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15718.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33347.exe
        5⤵
        
        PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
        5⤵
        
        PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22831.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        6⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35053.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
        6⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        6⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        5⤵
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        5⤵
        
        PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe
        5⤵
        
        PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32121.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44272.exe
        5⤵
        
        PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
      4⤵
      PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
      4⤵
      PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
      4⤵
      PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe
      4⤵
      PID:5292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
        6⤵
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
        6⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        6⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        6⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52814.exe
        5⤵
        
        PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        5⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
        5⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        5⤵
        
        PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59851.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        5⤵
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
        5⤵
        
        PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
      4⤵
      PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
      4⤵
      PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
      4⤵
      PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
      4⤵
      PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45245.exe
      4⤵
      PID:5080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21303.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        5⤵
        
        PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
        5⤵
        
        PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        5⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
        5⤵
        
        PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
      4⤵
      PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
      4⤵
      PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
      4⤵
      PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
      4⤵
      PID:5336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
      4⤵
      PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
      4⤵
      PID:5572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
    3⤵
    PID:1296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
    3⤵
    PID:3288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
    3⤵
    PID:3832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe
    3⤵
    PID:5032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
    3⤵
    PID:4432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
    3⤵
    PID:5180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54189.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54189.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32763.exe
        6⤵
        
        PID:988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
        6⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37449.exe
        6⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe
        6⤵
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        5⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        5⤵
        
        PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64426.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
      4⤵
      PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
      4⤵
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15718.exe
      4⤵
      PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33347.exe
      4⤵
      PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57864.exe
      4⤵
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
        5⤵
        
        PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        5⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52814.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
      4⤵
      PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
      4⤵
      PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
      4⤵
      PID:5228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
    3⤵
    PID:2356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64050.exe
    3⤵
    PID:3816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
    3⤵
    PID:3452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32784.exe
    3⤵
    PID:4556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50793.exe
    3⤵
    PID:4356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
    3⤵
    PID:5412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36178.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36178.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62082.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
        5⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe
        5⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        5⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        5⤵
        
        PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
      4⤵
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57598.exe
        5⤵
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31096.exe
        5⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        5⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
        5⤵
        
        PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
      4⤵
      PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
      4⤵
      PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22611.exe
      4⤵
      PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
      4⤵
      PID:5812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
      4⤵
      PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        5⤵
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35356.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        5⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        5⤵
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
      4⤵
      PID:392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
      4⤵
      PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
      4⤵
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
      4⤵
      PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
      4⤵
      PID:5436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
    3⤵
    PID:1252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
    3⤵
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
    3⤵
    PID:3440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
    3⤵
    PID:4476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6559.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
    3⤵
    PID:6048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50890.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58574.exe
      4⤵
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
        5⤵
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36726.exe
        5⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        5⤵
        
        PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
      4⤵
      PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
      4⤵
      PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15100.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
      4⤵
      PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
    3⤵
    PID:2232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
    3⤵
    PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
    3⤵
    PID:4860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10583.exe
    3⤵
    PID:6124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11618.exe
    3⤵
    PID:1816
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
    3⤵
    PID:2992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11038.exe
    3⤵
    PID:3400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
    3⤵
    PID:2244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
    3⤵
    PID:4336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
    3⤵
    PID:5452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
  2⤵
  PID:784
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29013.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29013.exe
  2⤵
  PID:2000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
  2⤵
  PID:3892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
  2⤵
  PID:4848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
  2⤵
  PID:4796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
  2⤵
  PID:6100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe

Filesize
468KB

MD5
ea1a82f1a75318832c0d86b86b3ed2ad

SHA1
9900269d981abf6d0b224efc810f83c7cfc3d330

SHA256
e30df9e34d0a63139878f7760edaaaf799b81675dd23c76507993c993303afd0

SHA512
ba1bae0584ca2afe4d55ea97274ab7bf6ac21d5fe5a195153d119411a88ad1f0dfd27a4169f4ea50bdc9b0c4c9b74a913bac75a6c5cdfbc25b322cb28afd30a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29896.exe

Filesize
468KB

MD5
5e0df519ac4ac6793276b81665e92770

SHA1
4bb1f1ac1785de0643e450a38eaf6a2a191fbbab

SHA256
bbb1adf868fadf45375753be749193657ac1e00a0ad1d3686de097198bccd529

SHA512
9891fc6daa6006404ade00ff5e88cfb94763a2dafbeee5ce8725e06008268c1f39f568374bb830b0848b383de61525ab927fac692c38507a10415701de2dfbf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36178.exe

Filesize
468KB

MD5
b01dc77f2cb5b098ba9aaf19974eccfe

SHA1
76c73459cdb02b22caceb0b6ca5b28fbc50a7a76

SHA256
2f7c546f10b5319d2ebee3982067a55214394fcd65906b7980ca6329e7d52b66

SHA512
69d00ebe49b68d15c3b38ceea931918b4c051c7e130f47de466931b3f97f62cbbdadf60c672f6c9af4822134689f9dccda558b81de9f933f3ccfef6bbf12fea0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe

Filesize
468KB

MD5
4f6da996d93029cafc261adff799b9f0

SHA1
21cbc48b9808c40deb08b588d5506e9da1425383

SHA256
82385ecd92b18b3ef68f7d1dd9173d494a0b89508904325cc124d7390bb0a06d

SHA512
5b94d88b8d83f0c668bbca118167ff98b41c464bd9e7e6f27c69e59bcebeb7aaf145f9bc15384c93643b4bad1bfa1510ef5eaf1db2788c0cca6833d8a71b8062

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe

Filesize
468KB

MD5
e96492e2cc29d0f7e147fdabac55eef0

SHA1
685da157964f884b4f757d7c5e3d5e0cd17a37a6

SHA256
055ba5aa25fb0a2b6d13ac49deb9cab68e934d80c57776f01a407a978ddc9e29

SHA512
9d0090f448f734e9c34e239e93786c7fe617162927daf78484cfc007e49b77e06ecb1edcd59c1ee9ba1ac1e57c2b0ae611d46b175a7e71afaeb5567f896f0840

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe

Filesize
468KB

MD5
11a21a64c7a5734c92b274568af15287

SHA1
a9de2f099d0ec63846861e134fd6fc5a555e90d9

SHA256
ddd48bf9e4797097930bd3afcc5a6939ff5fded916df7b1ba6f223fa591c9dd8

SHA512
d9523353603d76198fdf09ca9bd4001f31a59cfb8b86afc3cdbcf8183b14c4d581ba237f70773ef631c3f07d340ea7ec203eefdf2bc0950ee3c7c2a9e477f561

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16243.exe

Filesize
468KB

MD5
5293d6435642597fd0ab5de624705a12

SHA1
027deab1cbee611ceb0f564e5eb3d83f8f65decf

SHA256
1d4af994e2ce8731cdcb31d93c253b49851b4f0401957ba55881134a6947ae8b

SHA512
720651a8d2870fdffb099d7ae664fa3577c9580af42e85c4aadd86cf45fe41aad21b5562862ffa3664a1af59f0a08ee4a1cbf3a5cdb1c09ce2c5d46efdf84818

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe

Filesize
468KB

MD5
e02d46519181487d993ff662294487b9

SHA1
912a90bb5795cec547858e407a20c67daad57016

SHA256
0bffa12c408c5b380cb858e787bf4ab5bbb8e5f6d5c860aea84f18ea3cfe65dc

SHA512
8114807beaa788542c4771680b8fac14220d4840e753d9e695b58b778087e07dec816f56b536b75bcba864cd960198a4028aa3d877db9adcccfacc3805bfe9a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18270.exe

Filesize
468KB

MD5
3f7d8c182265c0bb12fbc3325a818599

SHA1
e8dbd5ed0d9ed5b1dd2458a477a3654b75c8d229

SHA256
4b62283a1fd6c90221ff3d3187edb49e21701c8d158670aafea605e46c0a877f

SHA512
b954f9590033a2f7c62d512f8315f31382b9abecab5707451f9a3a247e1014e89e21645af7e2ca572f48f5a8fb08fd2dbf391dd58809f474bb4621fa6c77dcd4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-402.exe

Filesize
468KB

MD5
18e9417944161ee8991b95c7f7663528

SHA1
c7e8c67975eaf5f6c9c53069f37bb173a61774d3

SHA256
c130d2d40c85f7d1234d98ba951be6852429227971392cf4fd43d1a1f7e55681

SHA512
0709e9ed49cc5e38ef86de5177c9ee1398fd63f69ea7f9ae3928068e1a21ba2ff2e3af7a7cf72337fc2deefa9c7c39087a65918eeabd3941a160c9ef714f95eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe

Filesize
468KB

MD5
864cdccec54f4ee4163b8ea23acefb06

SHA1
178a5504d7898891d877705a03860364b6e8252d

SHA256
34eaf803e8d8ee764afec9baabe522fba62e8e7820f55d040b57ff62c78360f1

SHA512
fbd25fc06149204b2ef6d5f1222319591fd6d5777a9c9cb9268bd74dc1185b04855eec18adb58126939baecc547216b4b5d4a64912ad96fb116d8bd257a9be53

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe

Filesize
468KB

MD5
92d0f3fe0a04910a24130ff9c5cbe4a5

SHA1
6cb5ca4bd5ae771235ee1a193f1c9be638fa5ddd

SHA256
055bbd27dd2d48531261e98766cb77d8ae72710d1f405ac5ea71adee2eb1955d

SHA512
77cf13288eec8c825a3f44a271926543036ed7b82e154803d1cca04cca50e98594998c898791e7575c76bff968da70fe7efc20841075e55595fee4e614004e17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe

Filesize
468KB

MD5
456e9a401c0fa329237d1bf0ad3ef5af

SHA1
283fe0ff0637dd0aba922092d054ec91f6bbcb0a

SHA256
ddeca7c94801862e82ba59189adacb85e779cada5bd08ecbe1ef6a8adf613b9d

SHA512
8044ec0ec68b471b27ce21fa66f25a477b0ef4b3fe548280d0fc0516400f2eff991e395bdf599b10bec0d9b422cdf1deb317455ea7991b608f196f44e1495c17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54189.exe

Filesize
468KB

MD5
de9ed55f614ad4eb650e4daf5a0a019a

SHA1
9c01ca180e17a44c4790a6dbbf0a50b1181d6583

SHA256
553a299ce0492c9e8ab65b18b43b28d31c7700e91c87b87058a84a716b771d5e

SHA512
fbd37ea6a22cfcb066712f741a1db2f958fdf39f0fa05c735379e2ab65ad1226d4cd25e93b7b0903aa958ce1aaedca4f2fd22b3a1ce2117f87b290be3b0f4eaa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55265.exe

Filesize
468KB

MD5
964120dab1497090fb8cf25547136c01

SHA1
9e7e2562def4e443d61ec5d27e2121fe28f373b3

SHA256
e93de888973a07da080710d14771638d4b2dd11cd8215930b2a0e66dbe3e3929

SHA512
c758846b34be976ea9db9e61ea5968c2c05d2f7c3e82d1ee4bf237da2d260983cab98ac45cc3740ba34582817a6a3ac56c0c51ad1bb32f58945e899eb7f851e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6167.exe

Filesize
468KB

MD5
98fb9b9231c602bf778ba204095ad14f

SHA1
e2dbf662ddaad94a4c1e04a3e2f701ad2e772a5e

SHA256
b9d73af8c7fee47ee04b351bd0263fe89ab43429e24ce8b64808f0c4a5edb7f1

SHA512
ee7d3710d51ef7a74b11789746649b32e4f0191a9e4765a0c085aed4b14a6b8ce5e76261a9e737073c26126274f17c00f59a260c71d8f7ad785bd30e023081d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63890.exe

Filesize
468KB

MD5
72c41b57bb043d73175f430ee0036871

SHA1
8b089318e4eb523146ad00615d10d7d05a94c1d7

SHA256
8ba62e4e17eac5da4f9dd78c2671bfd960e28d2b9ffcb2f8a98905ffc915471e

SHA512
4b3aa6f9425c021d064fe648733e2256b519937eac4784f40aadcd2d7c49fc2fb557549f531b4b06e10310b09f34ac2f011e39715e48943b8f5bf17163aab824

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64651.exe

Filesize
468KB

MD5
ae4edea3318d458a953c756e2886aebe

SHA1
0a19badce7b3d2ceec4e5d38c1eec449452cd461

SHA256
26e960c523ea07168bf1199008da1c3ed7ae347126e9c5d15b085a0e8630a0be

SHA512
2909f593dde708d0639d054f2a3e07b6af89eb4206c8cb1f49394e5b65bb1138fa7338e6825f3e9b4c1bb64f49115ebb73dbf154660253c5fde52223e6c5f417

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe

Filesize
468KB

MD5
aac9b047dce149fe78d885feaeaa2c34

SHA1
53971b23b7db93330a8fc34abc8f5a72e458b98c

SHA256
83d152830b5ec9c4546b92eb0c38609fe8d07792cfb3ad4b94e723e6198d917d

SHA512
97a49d95b85e4fb700f5254a4fd0c1fe874f5a71b6046a69568a57bdc46dd703c2eefe7134ceaaceaf1e51c59596695e3f190e75da4ddf39cb2383509b477869

Download Submit