00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe
Size

468KB
MD5

5b06682d2a9233f07ab74455c18925c0
SHA1

12d93ace049506e747fd7f07e6b809ec1f4176f3
SHA256

00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06
SHA512

70249952f3d0cf1fd6126f672b0524cc1f8d82c6116cfed39b9e6dd238fe5b66b0586156b62e678b3cc7a948b1afe471325b888a0e3c35667320c6abccaa0e69
SSDEEP

3072:lqkCo3cOIV3KtbYVPzyxHfT/JHUXtIpvV1HCL4LhvBfpuO7YSMlT:lqxoC9KtuPWxHf+0iGvBRF7YS

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2432	Unicorn-20470.exe
2820	Unicorn-26212.exe
2460	Unicorn-39402.exe
2784	Unicorn-47032.exe
2372	Unicorn-43694.exe
2948	Unicorn-8914.exe
2380	Unicorn-64245.exe
1424	Unicorn-49798.exe
1508	Unicorn-36860.exe
320	Unicorn-23286.exe
400	Unicorn-38973.exe
604	Unicorn-39238.exe
2004	Unicorn-19372.exe
2668	Unicorn-34176.exe
2808	Unicorn-6757.exe
1592	Unicorn-25559.exe
1656	Unicorn-21645.exe
1540	Unicorn-42004.exe
940	Unicorn-19729.exe
956	Unicorn-57800.exe
2068	Unicorn-12128.exe
1512	Unicorn-3198.exe
1820	Unicorn-11863.exe
2332	Unicorn-2144.exe
848	Unicorn-2144.exe
2276	Unicorn-61551.exe
1408	Unicorn-14375.exe
2552	Unicorn-14967.exe
1028	Unicorn-30955.exe
2472	Unicorn-33608.exe
2756	Unicorn-27586.exe
2928	Unicorn-33717.exe
2952	Unicorn-14920.exe
2796	Unicorn-14920.exe
2804	Unicorn-14920.exe
2800	Unicorn-3576.exe
1400	Unicorn-13663.exe
2896	Unicorn-52274.exe
1932	Unicorn-18184.exe
2892	Unicorn-38050.exe
2072	Unicorn-55574.exe
2076	Unicorn-22591.exe
1264	Unicorn-38927.exe
2964	Unicorn-2725.exe
1076	Unicorn-22591.exe
2516	Unicorn-22591.exe
1712	Unicorn-6572.exe
1132	Unicorn-8597.exe
1644	Unicorn-12126.exe
1672	Unicorn-12126.exe
344	Unicorn-60751.exe
1944	Unicorn-2428.exe
1728	Unicorn-51430.exe
1824	Unicorn-22825.exe
900	Unicorn-232.exe
1756	Unicorn-33132.exe
1576	Unicorn-19750.exe
2776	Unicorn-13043.exe
2084	Unicorn-42163.exe
2904	Unicorn-57466.exe
2268	Unicorn-12671.exe
1936	Unicorn-7885.exe
332	Unicorn-49220.exe
1652	Unicorn-49485.exe

Loads dropped DLL 64 IoCs

pid	Process
804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe
804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe
2432	Unicorn-20470.exe
804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe
2432	Unicorn-20470.exe
804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe
2820	Unicorn-26212.exe
2820	Unicorn-26212.exe
2432	Unicorn-20470.exe
2432	Unicorn-20470.exe
804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe
804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe
2460	Unicorn-39402.exe
2460	Unicorn-39402.exe
2784	Unicorn-47032.exe
2784	Unicorn-47032.exe
2820	Unicorn-26212.exe
2820	Unicorn-26212.exe
2948	Unicorn-8914.exe
2948	Unicorn-8914.exe
804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe
2460	Unicorn-39402.exe
804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe
2380	Unicorn-64245.exe
2460	Unicorn-39402.exe
2380	Unicorn-64245.exe
2372	Unicorn-43694.exe
2432	Unicorn-20470.exe
2372	Unicorn-43694.exe
2432	Unicorn-20470.exe
1424	Unicorn-49798.exe
1424	Unicorn-49798.exe
2784	Unicorn-47032.exe
2784	Unicorn-47032.exe
2820	Unicorn-26212.exe
1508	Unicorn-36860.exe
2820	Unicorn-26212.exe
1508	Unicorn-36860.exe
2432	Unicorn-20470.exe
2948	Unicorn-8914.exe
804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe
2948	Unicorn-8914.exe
2432	Unicorn-20470.exe
320	Unicorn-23286.exe
804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe
320	Unicorn-23286.exe
2808	Unicorn-6757.exe
604	Unicorn-39238.exe
2808	Unicorn-6757.exe
2460	Unicorn-39402.exe
604	Unicorn-39238.exe
2460	Unicorn-39402.exe
2380	Unicorn-64245.exe
2380	Unicorn-64245.exe
1592	Unicorn-25559.exe
1592	Unicorn-25559.exe
1424	Unicorn-49798.exe
1424	Unicorn-49798.exe
1656	Unicorn-21645.exe
1656	Unicorn-21645.exe
2784	Unicorn-47032.exe
2784	Unicorn-47032.exe
940	Unicorn-19729.exe
940	Unicorn-19729.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8563.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45759.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10872.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe
2432	Unicorn-20470.exe
2820	Unicorn-26212.exe
2460	Unicorn-39402.exe
2784	Unicorn-47032.exe
2372	Unicorn-43694.exe
2948	Unicorn-8914.exe
2380	Unicorn-64245.exe
1424	Unicorn-49798.exe
1508	Unicorn-36860.exe
400	Unicorn-38973.exe
320	Unicorn-23286.exe
2668	Unicorn-34176.exe
2004	Unicorn-19372.exe
2808	Unicorn-6757.exe
604	Unicorn-39238.exe
1592	Unicorn-25559.exe
1656	Unicorn-21645.exe
940	Unicorn-19729.exe
1540	Unicorn-42004.exe
2068	Unicorn-12128.exe
956	Unicorn-57800.exe
1512	Unicorn-3198.exe
1820	Unicorn-11863.exe
848	Unicorn-2144.exe
2276	Unicorn-61551.exe
2332	Unicorn-2144.exe
1408	Unicorn-14375.exe
2552	Unicorn-14967.exe
1028	Unicorn-30955.exe
2756	Unicorn-27586.exe
2928	Unicorn-33717.exe
2472	Unicorn-33608.exe
2796	Unicorn-14920.exe
2952	Unicorn-14920.exe
2800	Unicorn-3576.exe
2804	Unicorn-14920.exe
1400	Unicorn-13663.exe
2076	Unicorn-22591.exe
1264	Unicorn-38927.exe
1076	Unicorn-22591.exe
2964	Unicorn-2725.exe
2896	Unicorn-52274.exe
2892	Unicorn-38050.exe
1932	Unicorn-18184.exe
2516	Unicorn-22591.exe
1712	Unicorn-6572.exe
2072	Unicorn-55574.exe
1132	Unicorn-8597.exe
1644	Unicorn-12126.exe
1672	Unicorn-12126.exe
344	Unicorn-60751.exe
1944	Unicorn-2428.exe
1728	Unicorn-51430.exe
1824	Unicorn-22825.exe
900	Unicorn-232.exe
1756	Unicorn-33132.exe
1576	Unicorn-19750.exe
2776	Unicorn-13043.exe
2084	Unicorn-42163.exe
2268	Unicorn-12671.exe
2904	Unicorn-57466.exe
1936	Unicorn-7885.exe
332	Unicorn-49220.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 2432	804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe	30
PID 804 wrote to memory of 2432	804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe	30
PID 804 wrote to memory of 2432	804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe	30
PID 804 wrote to memory of 2432	804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe	30
PID 2432 wrote to memory of 2820	2432	Unicorn-20470.exe	31
PID 2432 wrote to memory of 2820	2432	Unicorn-20470.exe	31
PID 2432 wrote to memory of 2820	2432	Unicorn-20470.exe	31
PID 2432 wrote to memory of 2820	2432	Unicorn-20470.exe	31
PID 804 wrote to memory of 2460	804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe	32
PID 804 wrote to memory of 2460	804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe	32
PID 804 wrote to memory of 2460	804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe	32
PID 804 wrote to memory of 2460	804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe	32
PID 2820 wrote to memory of 2784	2820	Unicorn-26212.exe	33
PID 2820 wrote to memory of 2784	2820	Unicorn-26212.exe	33
PID 2820 wrote to memory of 2784	2820	Unicorn-26212.exe	33
PID 2820 wrote to memory of 2784	2820	Unicorn-26212.exe	33
PID 2432 wrote to memory of 2372	2432	Unicorn-20470.exe	34
PID 2432 wrote to memory of 2372	2432	Unicorn-20470.exe	34
PID 2432 wrote to memory of 2372	2432	Unicorn-20470.exe	34
PID 2432 wrote to memory of 2372	2432	Unicorn-20470.exe	34
PID 804 wrote to memory of 2948	804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe	35
PID 804 wrote to memory of 2948	804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe	35
PID 804 wrote to memory of 2948	804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe	35
PID 804 wrote to memory of 2948	804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe	35
PID 2460 wrote to memory of 2380	2460	Unicorn-39402.exe	36
PID 2460 wrote to memory of 2380	2460	Unicorn-39402.exe	36
PID 2460 wrote to memory of 2380	2460	Unicorn-39402.exe	36
PID 2460 wrote to memory of 2380	2460	Unicorn-39402.exe	36
PID 2784 wrote to memory of 1424	2784	Unicorn-47032.exe	38
PID 2784 wrote to memory of 1424	2784	Unicorn-47032.exe	38
PID 2784 wrote to memory of 1424	2784	Unicorn-47032.exe	38
PID 2784 wrote to memory of 1424	2784	Unicorn-47032.exe	38
PID 2820 wrote to memory of 1508	2820	Unicorn-26212.exe	39
PID 2820 wrote to memory of 1508	2820	Unicorn-26212.exe	39
PID 2820 wrote to memory of 1508	2820	Unicorn-26212.exe	39
PID 2820 wrote to memory of 1508	2820	Unicorn-26212.exe	39
PID 2948 wrote to memory of 320	2948	Unicorn-8914.exe	40
PID 2948 wrote to memory of 320	2948	Unicorn-8914.exe	40
PID 2948 wrote to memory of 320	2948	Unicorn-8914.exe	40
PID 2948 wrote to memory of 320	2948	Unicorn-8914.exe	40
PID 804 wrote to memory of 400	804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe	41
PID 804 wrote to memory of 400	804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe	41
PID 804 wrote to memory of 400	804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe	41
PID 804 wrote to memory of 400	804	00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe	41
PID 2460 wrote to memory of 2004	2460	Unicorn-39402.exe	42
PID 2460 wrote to memory of 2004	2460	Unicorn-39402.exe	42
PID 2460 wrote to memory of 2004	2460	Unicorn-39402.exe	42
PID 2460 wrote to memory of 2004	2460	Unicorn-39402.exe	42
PID 2380 wrote to memory of 604	2380	Unicorn-64245.exe	43
PID 2380 wrote to memory of 604	2380	Unicorn-64245.exe	43
PID 2380 wrote to memory of 604	2380	Unicorn-64245.exe	43
PID 2380 wrote to memory of 604	2380	Unicorn-64245.exe	43
PID 2372 wrote to memory of 2808	2372	Unicorn-43694.exe	44
PID 2372 wrote to memory of 2808	2372	Unicorn-43694.exe	44
PID 2372 wrote to memory of 2808	2372	Unicorn-43694.exe	44
PID 2372 wrote to memory of 2808	2372	Unicorn-43694.exe	44
PID 2432 wrote to memory of 2668	2432	Unicorn-20470.exe	45
PID 2432 wrote to memory of 2668	2432	Unicorn-20470.exe	45
PID 2432 wrote to memory of 2668	2432	Unicorn-20470.exe	45
PID 2432 wrote to memory of 2668	2432	Unicorn-20470.exe	45
PID 1424 wrote to memory of 1592	1424	Unicorn-49798.exe	46
PID 1424 wrote to memory of 1592	1424	Unicorn-49798.exe	46
PID 1424 wrote to memory of 1592	1424	Unicorn-49798.exe	46
PID 1424 wrote to memory of 1592	1424	Unicorn-49798.exe	46

C:\Users\Admin\AppData\Local\Temp\00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe
"C:\Users\Admin\AppData\Local\Temp\00777c36712bb89e7ede0dd7ff7e33fe2b0dd1bb55d70eff87860a1301d4ef06N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47032.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49798.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25559.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14967.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
        9⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12129.exe
        9⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        9⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18556.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
        8⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63145.exe
        8⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        8⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58420.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        8⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
        7⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
        7⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30955.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        8⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
        7⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6213.exe
        7⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
        7⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
        7⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        7⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        6⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
        6⤵
        
        PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12915.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12018.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63978.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20794.exe
        8⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14878.exe
        7⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        7⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        6⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        7⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58076.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
        6⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27586.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54846.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
        8⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59990.exe
        8⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        7⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        7⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
        6⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7010.exe
        7⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        7⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30179.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        7⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
        6⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30560.exe
        6⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
        6⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
        7⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10872.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
        7⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
        6⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        6⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27187.exe
        5⤵
        
        PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52820.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe
        5⤵
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
        5⤵
        
        PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7010.exe
        7⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        7⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
        6⤵
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56203.exe
        6⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62185.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        6⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        6⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39439.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        7⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        6⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        7⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        6⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        5⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27082.exe
        6⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
        6⤵
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53595.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        5⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        5⤵
        
        PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19729.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33717.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        7⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        7⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
        6⤵
        
        PID:680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        6⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        6⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57466.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62011.exe
        6⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        6⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
        6⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31900.exe
        5⤵
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        5⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60155.exe
        5⤵
        
        PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3576.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        5⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57396.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        6⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        6⤵
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55529.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        5⤵
        
        PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe
      4⤵
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
        5⤵
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39394.exe
        5⤵
        
        PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19469.exe
      4⤵
      PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
      4⤵
      PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
      4⤵
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43694.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6757.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10147.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23882.exe
        7⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
        7⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42475.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
        7⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41740.exe
        6⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        6⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        6⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
        6⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        6⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        5⤵
        
        PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
        5⤵
        
        PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        5⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55059.exe
        6⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26022.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        6⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58074.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        5⤵
        
        PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
      4⤵
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43544.exe
        5⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        5⤵
        
        PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38940.exe
      4⤵
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
      4⤵
      PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
      4⤵
      PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
      4⤵
      PID:6080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34176.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        5⤵
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        6⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46945.exe
        6⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        5⤵
        
        PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
        5⤵
        
        PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe
      4⤵
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
        5⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        5⤵
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30994.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58361.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11863.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12126.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        5⤵
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51266.exe
        5⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14878.exe
        5⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        5⤵
        
        PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16828.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55715.exe
      4⤵
      PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62503.exe
      4⤵
      PID:4948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
      4⤵
      Executes dropped EXE
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        5⤵
        
        PID:1448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44081.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        5⤵
        
        PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
      4⤵
      PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
      4⤵
      PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
      4⤵
      PID:4692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56500.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56500.exe
    3⤵
    PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
      4⤵
      PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44081.exe
      4⤵
      PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52490.exe
      4⤵
      PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
      4⤵
      PID:6032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
    3⤵
    PID:1608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
    3⤵
    PID:3892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58699.exe
    3⤵
    PID:4260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20639.exe
    3⤵
    PID:4988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39238.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
        7⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        8⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27432.exe
        7⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
        7⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19498.exe
        7⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26239.exe
        7⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        7⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31900.exe
        6⤵
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44337.exe
        6⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        6⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1881.exe
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        7⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28004.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        6⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        6⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        5⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        6⤵
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21082.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
        5⤵
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
        6⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        6⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        6⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        5⤵
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
        6⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
        6⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        6⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        5⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30560.exe
        5⤵
        
        PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
        5⤵
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32042.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8563.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        6⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63145.exe
        5⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe
      4⤵
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44081.exe
        5⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        5⤵
        
        PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29100.exe
      4⤵
      PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20028.exe
      4⤵
      PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21774.exe
      4⤵
      PID:5068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
        5⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        6⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10147.exe
        6⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        6⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        5⤵
        
        PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52810.exe
        5⤵
        
        PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
      4⤵
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        5⤵
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        5⤵
        
        PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
      4⤵
      PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
      4⤵
      PID:6068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        5⤵
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35995.exe
        6⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35046.exe
        6⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        5⤵
        
        PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16828.exe
      4⤵
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        5⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44081.exe
        5⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        5⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33298.exe
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
      4⤵
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27609.exe
      4⤵
      PID:4448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
      4⤵
      PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
      4⤵
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
      4⤵
      PID:6040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62304.exe
    3⤵
    PID:2060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
    3⤵
    PID:3868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
    3⤵
    PID:5744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12128.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
        6⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
        6⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        6⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65261.exe
        5⤵
        
        PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63145.exe
        5⤵
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        5⤵
        
        PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15793.exe
        5⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55215.exe
        5⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        5⤵
        
        PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
      4⤵
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
      4⤵
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
      4⤵
      PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
      4⤵
      PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57800.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58048.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        5⤵
        
        PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
      4⤵
      PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50605.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
      4⤵
      PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
      4⤵
      PID:4700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6572.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
      4⤵
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14369.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64215.exe
        5⤵
        
        PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
      4⤵
      PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe
      4⤵
      PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55930.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe
    3⤵
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe
      4⤵
      PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59990.exe
      4⤵
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
      4⤵
      PID:4580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
    3⤵
    PID:3576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43470.exe
    3⤵
    PID:1520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe
    3⤵
    PID:4432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        5⤵
        
        PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        5⤵
        
        PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35089.exe
        5⤵
        
        PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4017.exe
      4⤵
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45790.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36569.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
      4⤵
      PID:6028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36984.exe
    3⤵
    PID:3888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30560.exe
    3⤵
    PID:4272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12126.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22086.exe
      4⤵
      PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58420.exe
      4⤵
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
      4⤵
      PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
      4⤵
      PID:4816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35193.exe
    3⤵
    PID:1964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55414.exe
    3⤵
    PID:4724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26239.exe
    3⤵
    PID:4760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
      4⤵
      PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34084.exe
      4⤵
      PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
      4⤵
      PID:4124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
    3⤵
    PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37266.exe
    3⤵
    PID:4308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26239.exe
    3⤵
    PID:5060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
  2⤵
  PID:1956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
    3⤵
    PID:2168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
    3⤵
    PID:3564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
    3⤵
    PID:3884
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8100.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8100.exe
  2⤵
  PID:2428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe
  2⤵
  PID:2512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22201.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22201.exe
  2⤵
  PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe

Filesize
468KB

MD5
3683bc761c9543ea32b4f8201b9a618c

SHA1
63cc2806637ab78a19c3271ad4a9f93d77b03690

SHA256
14073cd5d0b9bf16ce5308b5587a2bb182224560497062b5ffb85f0cfabf0820

SHA512
b5ef570ce2328821c25a73e64829a62ce8ce75a37aae7d92104a356cddac3c71b7f80ee29bafb347b38d7dc39e2f407969526b6b3e8e896a16fab09b1de33de2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34176.exe

Filesize
468KB

MD5
4e5e414d1a8929e8dbea1fca78685ef1

SHA1
e817ef77a0640ffd40f850d2cc58cd2a1bd8ee10

SHA256
475d898d6f085a6c63e2bf7657861636729a43eae6c7a6bf152583b858fab8fb

SHA512
f11f1ba42ea5f80d7353a9090e7cbacdb099b0b5161a876a9deba5ec1b78bdaafdaab0621985492b3f26686915acb07a597292b3aa6c27e417f405d7f1b6e7b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43694.exe

Filesize
468KB

MD5
4776b0bf18c2c4f73491e17ec3f8bf92

SHA1
53fa3ede78a5ae6d8088f39f3ca46f5c6573ab61

SHA256
a71a522bf277a1355e23a14d8b514f7a5c5d3fd99e8189b7c92f516a37e07ce7

SHA512
f376ae3df43b93ed6c500eb584eade69bd0db600eafd819c301e749ac5a72f7c1c1da7fbfbcf5016543edc710bfc62265c9bca42adb7368b506aa563ca374bf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe

Filesize
468KB

MD5
2110f56c1abc28c09e68e793667ad150

SHA1
7e009ef5cded1703c835d5fb309293bf54c65011

SHA256
4b9cb3f8b5160a65a38e409ff4194cc899f6286e69f05334081a6f80e844021c

SHA512
e3a172caee50c9b584dd2ffb5b067c6f47d7901d53a073e49641a8c19dddf929c2a5dc3bb6d3eff20c11b85a086c4ecdac26616483e895eb9826cde89e665b4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe

Filesize
468KB

MD5
0d9bed592fa00dc0a64d66df71240b44

SHA1
6f4fc0531c48fd1e3213431ce18c96e97eb95599

SHA256
1e5e445f69e408c170f84d62b81ac5e666d43ba2922394e02ff8d68a0e9c7f42

SHA512
14bb0469414f364a84446c1d65412c3dc6d3bce8c86ab730cc6edc52d9a0f8acd0322f9a3ef73b25ae1d40f1fc95eb3e842190e98c0344cbaa551be9c8c12bf5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19729.exe

Filesize
468KB

MD5
af704faa6d03e77e58906210633a502d

SHA1
1bd88f65243c3ee00386d07c98fee61009f7775b

SHA256
6cf815054cd0fdcba29e3292a2f80424cf8efa37f9e835bda39bace7193b1ccb

SHA512
d5cdc3401b6d8d6c8c3e110118d4f3145ea2d4700fa09fb76171d5e3423a8139db8418467d41eaec6bfc15cfcacb992a4b9606a834572e7f1f15803f11ff0fc6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe

Filesize
468KB

MD5
77e5d852684a2261e884c6855bc8c443

SHA1
7c14cce94fd17ee6df7ce21e269701e363854800

SHA256
cd12a83ce45fa4e7850f7ac8d32a232f70bc7396fd40a89cfd0223a114c4e8b4

SHA512
4984b27bd6e800c47260cc5436c1500e7f68afcef72e19790aa073041c14711383003bdb666f262e3050751b38832a9554f277b25a9fb88f847b8515daf3aa94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe

Filesize
468KB

MD5
22656eae6527c6ab1a5e4348ef03f749

SHA1
2c943f8fec16b50cca964278c7e305575f6043c1

SHA256
5612dc10799e36da77069d71de297dbeeb3b57eb381da39fb264f60e55fc2425

SHA512
3ff5219f943a46d4bf62a623429e4e035904d83be5c87457f299284dd7d607225076103974641309b2915dcffdb02976a2f56885aeaed3d49a126a95149ed053

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25559.exe

Filesize
468KB

MD5
151c317dc30586ae32e656185256f689

SHA1
ce4ee7e4c6fc5f00216bf3904fb93a1481bb5917

SHA256
f74d5780b8b480b4058ba5d59dd60e0751c602fb11aa6bcfc9d48101afd95a37

SHA512
d48da74193e52f79a6870d7dd38c86e3bb85e01578c55293c7d215eddaced0e92b0356a4797bb488783592e2eefee1bce8c246a5b972ba5b82ae4e7711d5fb68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe

Filesize
468KB

MD5
8ec0342768233323f826763408c6f3d9

SHA1
da87fa639308b31e4994954557e838e0a3fbb4e0

SHA256
24f44ddaa2ec8232f9e4c6949f1797c7f9d3826615e154c5aef5e9085ea8a069

SHA512
a1980620c3cfb78276d44f6ca1f607cf145e98468ebe69038aa77aea87f54565872dd45d2667ffba903c532e6f7a02815116f480c40c0af9958029f946769590

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe

Filesize
468KB

MD5
deed0c627ff7df2b8ba2010adaf1d08d

SHA1
4fc35f6edbc77c27ee856495a7de34033b972d3a

SHA256
bb63e9a8077bd46d8cde8afb4778e7410db21a59f0665f876e79ccd848d442b8

SHA512
24229f20a93404cea067d5750c55cb84b438b1b0258f6043bca4dd8ff7bfad22c2dc84d2c3621ac8811969002ab1339d2455aa00074725412b0134e9ccb1af84

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe

Filesize
468KB

MD5
6f0112f32899672985293fe7d9f5b129

SHA1
ca6d74d364134f550867cedcb67b60d48bad1c45

SHA256
49b50782126094ac5b6fbbd5ccdba046f2df811f93b183c3f5fe476ba60a8899

SHA512
39a4b3ed1380aa4aa6ca155a56180a50a013b605acfe1b332fd9a8dde256b21ba37e9c18352765adeb82d2e660f036ed2fc64b4f63edeb5316ce9d457c546b82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39238.exe

Filesize
468KB

MD5
aec2ae5b40a002b4a326143a9641ab9e

SHA1
6f81fc1a07f340b4eb9aa613d253ae86f144d769

SHA256
47250ad44f9e1c18554c80b28f72e9175be6e925aa9d3082d34060f6dd63de70

SHA512
1fe71c5d72be5c0608de7825949dd969fc092ed5921fa42aba858a57fcb394e2e726763172183a94bfb251212b0350a79b44426562c9c31fae04a7f2c5fe7948

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe

Filesize
468KB

MD5
8a451b188e4987614d493887e8ff8422

SHA1
b21942860cbf63476384115c82095f277a0ab814

SHA256
c590801261e9b091b7a5b4cf5c17a95f136a10a576de7d981573a34314a520c0

SHA512
3d31caf099127ccfd01d0a264276cbcbd20b275a9f538dc9bfaafd6baeb668cb5e580910d0af6083a54b543446099b95ca10738a2d6ea6dcef9fa9a33f2196c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe

Filesize
468KB

MD5
b10c8a47c401fbdb4e2ff9d94ff7291c

SHA1
056174c77bf34d3c48406b6a3e2502cf90574572

SHA256
bdf1563b2700c67724dc79551648adba7a3271fd2143b4d9968146e3aab848c9

SHA512
ee3e7a6446aa4ab71f27b227d569041525a5c1754c0dce935343388328fa8fbdcd3d61e46d9cdd38bbf89f1c2fe62dbde1b56f4d27a7389dc9d85890f47b3db5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47032.exe

Filesize
468KB

MD5
3873ffa5fd67d46fad9d7d118f169df2

SHA1
19b2c6ff8980a4c620acc413610534fc91a83b6e

SHA256
8d2d9cb8c075281f9cca4d257af0d1f58f1caadf8b1269c7f0ba842348f3473b

SHA512
25b2ba5d61097decec242e831142a4caec2fc43464df2884c4e4aa93b7ad1772528580235f54871987620e4d5a8c81d933f8902831743716858b41adab714e0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49798.exe

Filesize
468KB

MD5
3aeab31d9ddaa9c34f4060e0c761d68d

SHA1
5a1a3920a2b729bba58c5a8ee8e8261d3578a898

SHA256
bc8867eed546248c5b4757f16c15c29321e284189c0d80120073b63e1d25ce38

SHA512
9619a594b4c075cd28dca70507455b970a2f215a313995675298b579870206165b88173d3c795acba6b1cd3a52ade0d42f8d6ddd8be2b8e99652c9256c3e1998

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe

Filesize
468KB

MD5
c079e01c0d011f41dc0edf4b1c3f0b32

SHA1
2e70c606972bee44aec215f0f2a908698e74bc16

SHA256
85af1da2d9f977cfb87ca284e934a03fcb117cfccd92efe31915fedcf37ee0e8

SHA512
10ad170971866e76f64e923dd0afdb0bab12a87eb819103c27ff36a1eea6370e255f352d99b024eb72f4cc1dea7bbd91aa4f22c27e4b73dcb70516fc20c0ab40

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6757.exe

Filesize
468KB

MD5
48ae755fbbd9b3b16604f49af0ad2915

SHA1
71317c68cbd6d351298f20a3f43380fcd8ac0446

SHA256
cd642af25d65e5474f48a93bc2ac380442380aa12d46600e698a79dabd6e0c92

SHA512
9b3a74134a22816736aa189f6bd47359917b216730cafafdd3c0a3f82b3f5a22cc259f1feae779f6a2e9b59e2774889984998263bf15d7444308b7aaecefca7a

Download Submit
memory/320-268-0x00000000028C0000-0x0000000002935000-memory.dmp

Filesize
468KB

Download
memory/320-270-0x00000000028C0000-0x0000000002935000-memory.dmp

Filesize
468KB

Download
memory/320-118-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/400-361-0x0000000002500000-0x0000000002575000-memory.dmp

Filesize
468KB

Download
memory/400-359-0x0000000002500000-0x0000000002575000-memory.dmp

Filesize
468KB

Download
memory/400-147-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/604-283-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/604-285-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/604-156-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/804-269-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/804-143-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/804-263-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/804-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/804-10-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/804-146-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/940-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/940-354-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/940-352-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/956-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1028-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1400-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1408-297-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1424-324-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/1424-335-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/1424-95-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1424-191-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/1424-197-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/1508-106-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1508-415-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/1508-413-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/1508-232-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/1508-230-0x00000000026C0000-0x0000000002735000-memory.dmp

Filesize
468KB

Download
memory/1512-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1540-401-0x0000000000630000-0x00000000006A5000-memory.dmp

Filesize
468KB

Download
memory/1540-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1540-400-0x0000000000630000-0x00000000006A5000-memory.dmp

Filesize
468KB

Download
memory/1592-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1592-319-0x00000000007D0000-0x0000000000845000-memory.dmp

Filesize
468KB

Download
memory/1592-318-0x00000000007D0000-0x0000000000845000-memory.dmp

Filesize
468KB

Download
memory/1656-338-0x0000000001DF0000-0x0000000001E65000-memory.dmp

Filesize
468KB

Download
memory/1656-337-0x0000000001DF0000-0x0000000001E65000-memory.dmp

Filesize
468KB

Download
memory/1656-210-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1820-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2004-160-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2004-357-0x0000000003470000-0x00000000034E5000-memory.dmp

Filesize
468KB

Download
memory/2068-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2276-414-0x0000000002890000-0x0000000002905000-memory.dmp

Filesize
468KB

Download
memory/2276-289-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2276-419-0x0000000002890000-0x0000000002905000-memory.dmp

Filesize
468KB

Download
memory/2332-288-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2372-391-0x0000000002270000-0x00000000022E5000-memory.dmp

Filesize
468KB

Download
memory/2372-171-0x0000000002070000-0x00000000020E5000-memory.dmp

Filesize
468KB

Download
memory/2372-393-0x0000000002070000-0x00000000020E5000-memory.dmp

Filesize
468KB

Download
memory/2372-158-0x0000000002070000-0x00000000020E5000-memory.dmp

Filesize
468KB

Download
memory/2380-296-0x0000000003310000-0x0000000003385000-memory.dmp

Filesize
468KB

Download
memory/2380-78-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2380-298-0x0000000003310000-0x0000000003385000-memory.dmp

Filesize
468KB

Download
memory/2380-148-0x0000000003310000-0x0000000003385000-memory.dmp

Filesize
468KB

Download
memory/2432-261-0x0000000001D50000-0x0000000001DC5000-memory.dmp

Filesize
468KB

Download
memory/2432-55-0x0000000002030000-0x00000000020A5000-memory.dmp

Filesize
468KB

Download
memory/2432-159-0x0000000001D50000-0x0000000001DC5000-memory.dmp

Filesize
468KB

Download
memory/2432-12-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2432-264-0x0000000001D50000-0x0000000001DC5000-memory.dmp

Filesize
468KB

Download
memory/2432-19-0x0000000002030000-0x00000000020A5000-memory.dmp

Filesize
468KB

Download
memory/2432-172-0x0000000001D50000-0x0000000001DC5000-memory.dmp

Filesize
468KB

Download
memory/2460-151-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2460-287-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2460-145-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2460-284-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2460-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2472-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2668-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2668-360-0x00000000031B0000-0x0000000003225000-memory.dmp

Filesize
468KB

Download
memory/2668-358-0x00000000031B0000-0x0000000003225000-memory.dmp

Filesize
468KB

Download
memory/2756-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2784-351-0x00000000028B0000-0x0000000002925000-memory.dmp

Filesize
468KB

Download
memory/2784-50-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2784-350-0x00000000028B0000-0x0000000002925000-memory.dmp

Filesize
468KB

Download
memory/2784-209-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2784-94-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2800-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2808-282-0x00000000031F0000-0x0000000003265000-memory.dmp

Filesize
468KB

Download
memory/2808-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2808-286-0x00000000031F0000-0x0000000003265000-memory.dmp

Filesize
468KB

Download
memory/2820-229-0x0000000002740000-0x00000000027B5000-memory.dmp

Filesize
468KB

Download
memory/2820-47-0x0000000002740000-0x00000000027B5000-memory.dmp

Filesize
468KB

Download
memory/2820-366-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/2820-228-0x0000000002740000-0x00000000027B5000-memory.dmp

Filesize
468KB

Download
memory/2820-374-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/2892-423-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2896-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2928-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2948-262-0x0000000002710000-0x0000000002785000-memory.dmp

Filesize
468KB

Download
memory/2948-76-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2948-265-0x0000000002710000-0x0000000002785000-memory.dmp

Filesize
468KB

Download
memory/2952-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download