cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 03:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe
Size

468KB
MD5

b33752a5265fd8784da295b4a0c6dc65
SHA1

381a459779eb387f8f9199c6bad6144be68cbed1
SHA256

cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad
SHA512

97903451332d708259fc53c7d40e3513e1cdd9fdc84341c0a8ca5394002a97637c02c43c024ce2b73a4286ffb554afa8811c6a430ef7875f454c084fd2042eca
SSDEEP

3072:4bglogxaIU5EtbYdP1cfmbfD/n2zncIH9wmyeQVqiWlDkkhruxUlU:4bSoCcEtGP+fmbfrabyWlo8rux

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
652	Unicorn-39955.exe
2832	Unicorn-57926.exe
2332	Unicorn-21916.exe
828	Unicorn-60338.exe
2920	Unicorn-46603.exe
2752	Unicorn-1123.exe
2460	Unicorn-6089.exe
540	Unicorn-57859.exe
2672	Unicorn-62721.exe
2536	Unicorn-39560.exe
1760	Unicorn-62602.exe
2576	Unicorn-45690.exe
2604	Unicorn-25824.exe
2392	Unicorn-23929.exe
1648	Unicorn-35011.exe
2040	Unicorn-58905.exe
2640	Unicorn-5791.exe
1680	Unicorn-57016.exe
316	Unicorn-13576.exe
516	Unicorn-12330.exe
1796	Unicorn-44873.exe
940	Unicorn-64738.exe
2988	Unicorn-64089.exe
400	Unicorn-64354.exe
1532	Unicorn-30722.exe
592	Unicorn-43528.exe
2628	Unicorn-24264.exe
2652	Unicorn-52180.exe
928	Unicorn-13949.exe
1736	Unicorn-50343.exe
1808	Unicorn-36430.exe
944	Unicorn-56046.exe
1872	Unicorn-22414.exe
1720	Unicorn-15899.exe
1712	Unicorn-37716.exe
2976	Unicorn-2927.exe
2960	Unicorn-18880.exe
2072	Unicorn-20503.exe
2928	Unicorn-58672.exe
2924	Unicorn-58407.exe
2780	Unicorn-25040.exe
2720	Unicorn-47513.exe
2804	Unicorn-52817.exe
2544	Unicorn-43872.exe
1724	Unicorn-54842.exe
2408	Unicorn-41843.exe
1996	Unicorn-41843.exe
1352	Unicorn-46778.exe
2304	Unicorn-56378.exe
2552	Unicorn-26144.exe
2300	Unicorn-14188.exe
2416	Unicorn-15449.exe
852	Unicorn-50068.exe
844	Unicorn-46699.exe
2144	Unicorn-52445.exe
2908	Unicorn-33644.exe
2364	Unicorn-28661.exe
2208	Unicorn-25100.exe
1528	Unicorn-17391.exe
2152	Unicorn-64982.exe
1980	Unicorn-5221.exe
1676	Unicorn-3606.exe
2024	Unicorn-57240.exe
1964	Unicorn-21697.exe

Loads dropped DLL 64 IoCs

pid	Process
1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe
1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe
652	Unicorn-39955.exe
652	Unicorn-39955.exe
1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe
1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe
2832	Unicorn-57926.exe
2832	Unicorn-57926.exe
1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe
652	Unicorn-39955.exe
652	Unicorn-39955.exe
1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe
2332	Unicorn-21916.exe
2332	Unicorn-21916.exe
828	Unicorn-60338.exe
828	Unicorn-60338.exe
1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe
1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe
2920	Unicorn-46603.exe
652	Unicorn-39955.exe
2752	Unicorn-1123.exe
652	Unicorn-39955.exe
2920	Unicorn-46603.exe
2832	Unicorn-57926.exe
2752	Unicorn-1123.exe
2832	Unicorn-57926.exe
2460	Unicorn-6089.exe
2460	Unicorn-6089.exe
2332	Unicorn-21916.exe
2332	Unicorn-21916.exe
540	Unicorn-57859.exe
540	Unicorn-57859.exe
828	Unicorn-60338.exe
828	Unicorn-60338.exe
2672	Unicorn-62721.exe
2672	Unicorn-62721.exe
1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe
1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe
1760	Unicorn-62602.exe
1760	Unicorn-62602.exe
2920	Unicorn-46603.exe
2536	Unicorn-39560.exe
2920	Unicorn-46603.exe
2536	Unicorn-39560.exe
652	Unicorn-39955.exe
2576	Unicorn-45690.exe
652	Unicorn-39955.exe
2576	Unicorn-45690.exe
2604	Unicorn-25824.exe
2604	Unicorn-25824.exe
2752	Unicorn-1123.exe
2752	Unicorn-1123.exe
2832	Unicorn-57926.exe
2832	Unicorn-57926.exe
2392	Unicorn-23929.exe
2392	Unicorn-23929.exe
2460	Unicorn-6089.exe
2460	Unicorn-6089.exe
1648	Unicorn-35011.exe
1648	Unicorn-35011.exe
2332	Unicorn-21916.exe
2332	Unicorn-21916.exe
2640	Unicorn-5791.exe
2640	Unicorn-5791.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6381.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47892.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54526.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45693.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48147.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe
652	Unicorn-39955.exe
2332	Unicorn-21916.exe
2832	Unicorn-57926.exe
828	Unicorn-60338.exe
2920	Unicorn-46603.exe
2752	Unicorn-1123.exe
2460	Unicorn-6089.exe
540	Unicorn-57859.exe
2672	Unicorn-62721.exe
2536	Unicorn-39560.exe
2604	Unicorn-25824.exe
1760	Unicorn-62602.exe
2576	Unicorn-45690.exe
2392	Unicorn-23929.exe
1648	Unicorn-35011.exe
2640	Unicorn-5791.exe
2040	Unicorn-58905.exe
1680	Unicorn-57016.exe
316	Unicorn-13576.exe
1796	Unicorn-44873.exe
516	Unicorn-12330.exe
2988	Unicorn-64089.exe
940	Unicorn-64738.exe
400	Unicorn-64354.exe
1532	Unicorn-30722.exe
592	Unicorn-43528.exe
2628	Unicorn-24264.exe
2652	Unicorn-52180.exe
928	Unicorn-13949.exe
1808	Unicorn-36430.exe
1736	Unicorn-50343.exe
944	Unicorn-56046.exe
1872	Unicorn-22414.exe
1712	Unicorn-37716.exe
2976	Unicorn-2927.exe
2960	Unicorn-18880.exe
2072	Unicorn-20503.exe
2924	Unicorn-58407.exe
2928	Unicorn-58672.exe
2780	Unicorn-25040.exe
2720	Unicorn-47513.exe
2804	Unicorn-52817.exe
2544	Unicorn-43872.exe
1724	Unicorn-54842.exe
2408	Unicorn-41843.exe
1996	Unicorn-41843.exe
2304	Unicorn-56378.exe
2552	Unicorn-26144.exe
1352	Unicorn-46778.exe
2300	Unicorn-14188.exe
2416	Unicorn-15449.exe
2144	Unicorn-52445.exe
844	Unicorn-46699.exe
852	Unicorn-50068.exe
2908	Unicorn-33644.exe
2364	Unicorn-28661.exe
2152	Unicorn-64982.exe
1528	Unicorn-17391.exe
2208	Unicorn-25100.exe
1980	Unicorn-5221.exe
2024	Unicorn-57240.exe
1676	Unicorn-3606.exe
1964	Unicorn-21697.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 652	1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe	29
PID 1820 wrote to memory of 652	1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe	29
PID 1820 wrote to memory of 652	1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe	29
PID 1820 wrote to memory of 652	1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe	29
PID 652 wrote to memory of 2832	652	Unicorn-39955.exe	30
PID 652 wrote to memory of 2832	652	Unicorn-39955.exe	30
PID 652 wrote to memory of 2832	652	Unicorn-39955.exe	30
PID 652 wrote to memory of 2832	652	Unicorn-39955.exe	30
PID 1820 wrote to memory of 2332	1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe	31
PID 1820 wrote to memory of 2332	1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe	31
PID 1820 wrote to memory of 2332	1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe	31
PID 1820 wrote to memory of 2332	1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe	31
PID 652 wrote to memory of 2920	652	Unicorn-39955.exe	34
PID 652 wrote to memory of 2920	652	Unicorn-39955.exe	34
PID 652 wrote to memory of 2920	652	Unicorn-39955.exe	34
PID 652 wrote to memory of 2920	652	Unicorn-39955.exe	34
PID 1820 wrote to memory of 828	1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe	33
PID 1820 wrote to memory of 828	1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe	33
PID 1820 wrote to memory of 828	1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe	33
PID 1820 wrote to memory of 828	1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe	33
PID 2832 wrote to memory of 2752	2832	Unicorn-57926.exe	32
PID 2832 wrote to memory of 2752	2832	Unicorn-57926.exe	32
PID 2832 wrote to memory of 2752	2832	Unicorn-57926.exe	32
PID 2832 wrote to memory of 2752	2832	Unicorn-57926.exe	32
PID 2332 wrote to memory of 2460	2332	Unicorn-21916.exe	35
PID 2332 wrote to memory of 2460	2332	Unicorn-21916.exe	35
PID 2332 wrote to memory of 2460	2332	Unicorn-21916.exe	35
PID 2332 wrote to memory of 2460	2332	Unicorn-21916.exe	35
PID 828 wrote to memory of 540	828	Unicorn-60338.exe	36
PID 828 wrote to memory of 540	828	Unicorn-60338.exe	36
PID 828 wrote to memory of 540	828	Unicorn-60338.exe	36
PID 828 wrote to memory of 540	828	Unicorn-60338.exe	36
PID 1820 wrote to memory of 2672	1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe	37
PID 1820 wrote to memory of 2672	1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe	37
PID 1820 wrote to memory of 2672	1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe	37
PID 1820 wrote to memory of 2672	1820	cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe	37
PID 652 wrote to memory of 2536	652	Unicorn-39955.exe	39
PID 652 wrote to memory of 2536	652	Unicorn-39955.exe	39
PID 652 wrote to memory of 2536	652	Unicorn-39955.exe	39
PID 652 wrote to memory of 2536	652	Unicorn-39955.exe	39
PID 2920 wrote to memory of 1760	2920	Unicorn-46603.exe	38
PID 2920 wrote to memory of 1760	2920	Unicorn-46603.exe	38
PID 2920 wrote to memory of 1760	2920	Unicorn-46603.exe	38
PID 2920 wrote to memory of 1760	2920	Unicorn-46603.exe	38
PID 2752 wrote to memory of 2576	2752	Unicorn-1123.exe	40
PID 2752 wrote to memory of 2576	2752	Unicorn-1123.exe	40
PID 2752 wrote to memory of 2576	2752	Unicorn-1123.exe	40
PID 2752 wrote to memory of 2576	2752	Unicorn-1123.exe	40
PID 2832 wrote to memory of 2604	2832	Unicorn-57926.exe	41
PID 2832 wrote to memory of 2604	2832	Unicorn-57926.exe	41
PID 2832 wrote to memory of 2604	2832	Unicorn-57926.exe	41
PID 2832 wrote to memory of 2604	2832	Unicorn-57926.exe	41
PID 2460 wrote to memory of 2392	2460	Unicorn-6089.exe	42
PID 2460 wrote to memory of 2392	2460	Unicorn-6089.exe	42
PID 2460 wrote to memory of 2392	2460	Unicorn-6089.exe	42
PID 2460 wrote to memory of 2392	2460	Unicorn-6089.exe	42
PID 2332 wrote to memory of 1648	2332	Unicorn-21916.exe	43
PID 2332 wrote to memory of 1648	2332	Unicorn-21916.exe	43
PID 2332 wrote to memory of 1648	2332	Unicorn-21916.exe	43
PID 2332 wrote to memory of 1648	2332	Unicorn-21916.exe	43
PID 540 wrote to memory of 2040	540	Unicorn-57859.exe	44
PID 540 wrote to memory of 2040	540	Unicorn-57859.exe	44
PID 540 wrote to memory of 2040	540	Unicorn-57859.exe	44
PID 540 wrote to memory of 2040	540	Unicorn-57859.exe	44

C:\Users\Admin\AppData\Local\Temp\cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe
"C:\Users\Admin\AppData\Local\Temp\cc66ef2b469ad5cb8363eca56883b21aad7e8aec58a1ce29483a2279de2881ad.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28439.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        8⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57693.exe
        8⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36796.exe
        7⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34305.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        7⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50949.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        7⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24782.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13327.exe
        7⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
        7⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25738.exe
        7⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        6⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20199.exe
        6⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54678.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20830.exe
        6⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        6⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
        7⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54358.exe
        7⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57290.exe
        7⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        7⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63032.exe
        6⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
        6⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        6⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52817.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51644.exe
        6⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
        6⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        6⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4745.exe
        6⤵
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        5⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59732.exe
        5⤵
        
        PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
        5⤵
        
        PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9874.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
        7⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
        7⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39534.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        7⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        6⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54526.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        6⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        6⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12652.exe
        6⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
        6⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        6⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
        5⤵
        
        PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14133.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
        5⤵
        
        PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        5⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50949.exe
        5⤵
        
        PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24264.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62620.exe
        6⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
        6⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5167.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40295.exe
        6⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
        6⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
        5⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
        6⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14596.exe
        6⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2339.exe
        6⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        6⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
        6⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58548.exe
        5⤵
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6007.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60805.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        5⤵
        
        PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58407.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        5⤵
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
        5⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23958.exe
        5⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        5⤵
        
        PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
      4⤵
      PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
      4⤵
      PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
      4⤵
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
      4⤵
      PID:1408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12330.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46778.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3609.exe
        7⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29564.exe
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
        7⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
        7⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25738.exe
        7⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        6⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42254.exe
        6⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60640.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15618.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        6⤵
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        6⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        6⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17356.exe
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42274.exe
        6⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
        5⤵
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62758.exe
        5⤵
        
        PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
        5⤵
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        5⤵
        
        PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9221.exe
        5⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17958.exe
        7⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        7⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
        7⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
        6⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        6⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5130.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60805.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        6⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
        6⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21697.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        5⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36475.exe
        5⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58672.exe
        5⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
        5⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
        5⤵
        
        PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46699.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        5⤵
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56893.exe
        5⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
        5⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20830.exe
        5⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49461.exe
        5⤵
        
        PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17061.exe
      4⤵
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18581.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26758.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18074.exe
        5⤵
        
        PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43330.exe
      4⤵
      PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
      4⤵
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54864.exe
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
      4⤵
      PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
      4⤵
      PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53661.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39560.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41843.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        6⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14394.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62648.exe
        5⤵
        
        PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34844.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54796.exe
        5⤵
        
        PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
      4⤵
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22308.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        5⤵
        
        PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
      4⤵
      PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19182.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60450.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
      4⤵
      PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47892.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8122.exe
      4⤵
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        5⤵
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39534.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        5⤵
        
        PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64353.exe
      4⤵
      PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38518.exe
      4⤵
      PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
      4⤵
      PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15618.exe
      4⤵
      PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
      4⤵
      PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
      4⤵
      PID:5776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25362.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25696.exe
    3⤵
    PID:1696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36248.exe
    3⤵
    PID:3420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
    3⤵
    PID:3968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48635.exe
    3⤵
    PID:4488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41411.exe
    3⤵
    PID:5948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6089.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23929.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15449.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
        7⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32394.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
        7⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42804.exe
        7⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
        6⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50949.exe
        6⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64838.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36679.exe
        6⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5354.exe
        6⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53956.exe
        6⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
        6⤵
        
        PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
        5⤵
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22178.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        5⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20830.exe
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13949.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        6⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44383.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60805.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26339.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19308.exe
        5⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54623.exe
        6⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13060.exe
        6⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19395.exe
        5⤵
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
        5⤵
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3606.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
        5⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32394.exe
        5⤵
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57478.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45693.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25295.exe
        5⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25700.exe
        5⤵
        
        PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
      4⤵
      PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
      4⤵
      PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10382.exe
      4⤵
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36186.exe
      4⤵
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
      4⤵
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41411.exe
      4⤵
      PID:5912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35011.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52445.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
        6⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
        6⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        6⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40754.exe
        6⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
        6⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26091.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48493.exe
        6⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59103.exe
        6⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22998.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20830.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        5⤵
        
        PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28661.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46957.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        5⤵
        
        PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
      4⤵
      PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14133.exe
      4⤵
      PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
      4⤵
      PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
      4⤵
      PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50949.exe
      4⤵
      PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52252.exe
      4⤵
      PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37745.exe
      4⤵
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe
      4⤵
      PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
      4⤵
      PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
    3⤵
    PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
    3⤵
    PID:3000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
    3⤵
    PID:3368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
    3⤵
    PID:1656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39943.exe
    3⤵
    PID:4112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
    3⤵
    PID:4584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41411.exe
    3⤵
    PID:5856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64094.exe
        7⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        6⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7692.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26019.exe
        6⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5308.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39534.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
        6⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        6⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
        5⤵
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        5⤵
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36475.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
        5⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20830.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        5⤵
        
        PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
        6⤵
        
        PID:304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33641.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        6⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        5⤵
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8268.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
        5⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14435.exe
        5⤵
        
        PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16885.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        5⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        5⤵
        
        PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
      4⤵
      PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
      4⤵
      PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59036.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59559.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2958.exe
      4⤵
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
      4⤵
      PID:5668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56046.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
        5⤵
        
        PID:792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
        5⤵
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe
        5⤵
        
        PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        5⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        5⤵
        
        PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
      4⤵
      PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
      4⤵
      PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39033.exe
      4⤵
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe
      4⤵
      PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
      4⤵
      PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30954.exe
      4⤵
      PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
      4⤵
      PID:5848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
    3⤵
    - Executes dropped EXE
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
      4⤵
      PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39670.exe
      4⤵
      PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35529.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15618.exe
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
      4⤵
      PID:5324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
    3⤵
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
      4⤵
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32765.exe
      4⤵
      PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12234.exe
      4⤵
      PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
      4⤵
      PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
      4⤵
      PID:5584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9104.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
    3⤵
    PID:3272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe
    3⤵
    PID:5080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19277.exe
    3⤵
    PID:5224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6381.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57016.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41843.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        5⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19885.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9626.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        5⤵
        
        PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
        5⤵
        
        PID:5968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
      4⤵
      PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe
      4⤵
      PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
      4⤵
      PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3051.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
      4⤵
      PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13212.exe
      4⤵
      PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
      4⤵
      PID:5544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
    3⤵
    PID:2284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
    3⤵
    PID:3104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
    3⤵
    PID:3956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
    3⤵
    PID:5276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13576.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13576.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58672.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
      4⤵
      PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
        5⤵
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9217.exe
        5⤵
        
        PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
      4⤵
      PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45141.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60805.exe
      4⤵
      PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26339.exe
      4⤵
      PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
      4⤵
      PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21508.exe
    3⤵
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
      4⤵
      PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
      4⤵
      PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63605.exe
      4⤵
      PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51540.exe
      4⤵
      PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exe
      4⤵
      PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
      4⤵
      PID:5392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
    3⤵
    PID:2856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39033.exe
    3⤵
    PID:3696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60805.exe
    3⤵
    PID:4040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
    3⤵
    PID:5356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47513.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47513.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
    3⤵
    PID:3924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
    3⤵
    PID:4888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe
    3⤵
    PID:4668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
    3⤵
    PID:5484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25860.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25860.exe
  2⤵
  PID:1388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe
  2⤵
  PID:112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
  2⤵
  PID:3100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36893.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36893.exe
  2⤵
  PID:3460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55960.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55960.exe
  2⤵
  PID:4560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39739.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39739.exe
  2⤵
  PID:5728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe

Filesize
468KB

MD5
f1c0cfa64ecd684205b52362da73235d

SHA1
42ba27337e006ea3ba70ba70aef89312a08f075b

SHA256
9758ac3b5aa4562826e2e524ddb3257c1d9d8fbbd039f0d7c087a26bb228dabd

SHA512
aaf142400aac0515c87adeccd3ec9c4a74494f363b3c9ab257f1c880749957b163a232386873cf58d132007e30be500b3d5e3819b8d7c1fcbdef533710e92ec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe

Filesize
468KB

MD5
3296fc65ebd882b2eacfdeb0ea739061

SHA1
d174c7b63d4929066b212edba444e0ccc35572e5

SHA256
1710c3708b907b2bb4728465573a039e40192b1bad8fcac68bb6218f2022fdb8

SHA512
4b7e3dafb62fe883a26ceb949fa680d454970acc514e9cd78e93cc4accfd8492aa47d7e31ff6c72267a8446e241d2bb75d21e3b4827f0df0876010d110c6439b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe

Filesize
468KB

MD5
9f44a702583ae998876214dd0c138258

SHA1
9e0eed2fc1159684847dac0911de195afb6e050a

SHA256
9ed65109a0e8b88594109a11529b8c800a25105ea703ea74dffaae022592c283

SHA512
b09316d7ae0f9bdd06a431f738bbc638eac71096e4c900028b693b360972c555ad2a445720abf5bc3179741789b8532cc9e0a78bdd46d2eb2f847856ed240a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe

Filesize
468KB

MD5
d40e91600f0424bf2807bbd4a9cf722f

SHA1
33e698b87d190bf9a3a7b7209c6cef085153b462

SHA256
c8daacf20fa8470ce86c716891bdcc96e7039c69463bfcd9bccb8423d0d66019

SHA512
224369659c2c846f3bdb8b396004abf59d936b56410eda1cac989089317db6bf5c6682fb9c0721ded3f90a7944bb3e7f1f40318b627e8a6698def198e2a99dec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe

Filesize
468KB

MD5
97cd69bf4f8a2c1ed5d2d9f11828777a

SHA1
e548a1cdf7163b65983121493e15c5d1c4a42544

SHA256
2ead0e9534737336ec3d2d23408a94de9ac3a73f3d2eb2d4ba744e3cf70b558d

SHA512
26d0d16d12d7dcb0f6204a8ca3daeed9c608ceef0087bf84be6e372179ae5dd084ea904f0e1a1f6171e24a59d2a849633625f4a9c4a69c47c8bacf8894ebc9c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23929.exe

Filesize
468KB

MD5
0e8cbc09804cad653d95f212abbac566

SHA1
44e0b623cd9c26e9315bf748f9d76107e57c8b7a

SHA256
71a6707a5f354096057b9e8dfc9f54fd3b58eb261647aec28bf7aec430a8fe3c

SHA512
c8b23307be2d4e510ad6af0d5069d6e013bf95b0cfb737a34b431c3f74a113f1fc27567710b95d551570709dd1ebc4dd75030fafe8f0a264e223f744367ad3f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe

Filesize
468KB

MD5
227305ed71fa34f3187b11b4a41e48ca

SHA1
0b630f81027e96e04cd7807bf76a1e466c659d83

SHA256
d2ff0318bcdbd4c631da2f77b0b3e54ff3e0d59574c2f044d6b1bb1c8b216919

SHA512
5ef081c9a34a678090efecff4ace471b7d4c01969fb833c5b45dec2043a4cdd3ce2aea8219cf9c745f47f1a6edb00fbe7c8af155c15291376e04a1274b541f52

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35011.exe

Filesize
468KB

MD5
bd06ffdc823760b81673fd1244a42557

SHA1
f56e2fc1aa9b8e126c25e11a8efeed1cc12ce739

SHA256
cec779e518c5d3cf9a2c32c4aa324ce1ea6fdd3728d7755f94a0f76d6623f023

SHA512
50115ade75ffc75e7a36c655e3984979527f99dffefec2c7d4dfa3ffd6d4ea4ceb8f786619ffefc1352cf9aeda3cff9a6d2a9e3ffe9298427e51c10ec85b4b94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39560.exe

Filesize
468KB

MD5
15558203a06f2059ad7f8d566f6570ba

SHA1
31ef14b1fe00c96463677e9e85476c619de6aac5

SHA256
c2431e4216728cf0f24fb92cbf6e1a38a2e22a24865a9bc8e10f585bef95c395

SHA512
4ac1a09d5db0a34cfd6b196847cf1746840eb7bdb85d323214d97b9548f5abc296815466454686f8b64c0c153e877b8fe23663eb23150527b5cd584c3857f639

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe

Filesize
468KB

MD5
caf10cd820336fcc8217f75b8fe7c9eb

SHA1
4301e06aad4e61f1b24b36cb9eafb99799eb2467

SHA256
2da6b5482a6c421c9c4c988dba59a8f389e3d755eb87b8f0b79e16f76ef204cb

SHA512
782fa1b41cfc9487586a25315a395245b8f1d87130c82523544aab150703ec927750a62263205092489b31bf8034311ce8a7c9f53760c90e993d9512043ef793

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe

Filesize
468KB

MD5
65b47110c2d60aa6c06b73854204312e

SHA1
8e648c68dbda56d2d5c874a8091b34db5566d9ba

SHA256
929a9fafe20d721812d789b5f7ca2fe83e3130ff8308fe711e622fcfb3e25a8f

SHA512
5905c21745ac14c282880fd98c82177cafbf3ac67a60d194cf8088530b0a8ce2c12a332a670eed40f549a2d06839bb32404823740244140d5be31c0e4d241b45

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe

Filesize
468KB

MD5
184594206bba7165f425706ab3437489

SHA1
eb42a1e9e0c57e60b2c168c5f379f8a6421a407c

SHA256
1fb1e25fb97cf81abcd5350c4d2710c961e4ae3d239a1eacea26194f175bd139

SHA512
0afe43d5eb58f1e025a2b60250de972f89f4ad52f87ccfa4211307880bfe371d3e782cff24b264252421fa25edd87caae5eedb863a253f120a1314fc447b5e59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57016.exe

Filesize
468KB

MD5
98082678aedaf606e9614c5dfd0925c9

SHA1
8044d2df7c154f3bb132410146c6d995cf655086

SHA256
e6c713484bfee607bda54c48a57452913faa864c80d45b0022b4eb72e45db35b

SHA512
012bfaa64b34f603fa127263758f1d72220afe28d98f03913d4b81073d130613f8aac0a4404da4defc66dfc6f0e8ada93e22e8a5e38d98e05fb4faa6b74707ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe

Filesize
468KB

MD5
a42406011393e5f09c45fc59e72f7adc

SHA1
ee1a6580aaea7dde3ce6e04533f7cdafe8b51712

SHA256
03fed047dbd9ae03d2c40574b292c15141ffdf6c2dba353508ff157779d042e4

SHA512
a4b3fe520e2faecf851a992a1c16ff34f6b181dc088ea739a0b9646fca7d328beb21e03cdc9cd36691155c33b69caf40251dc0428f6e526f94a81bf224255b25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe

Filesize
468KB

MD5
167426af482357f122e4153030ee2b82

SHA1
f57a66de462b5a5b22ae8acf4fa80e4d69237f25

SHA256
7c73aa56beb9060797df3a659b0a6773bf446e7535832f24b9006e90ff95a974

SHA512
ca7e5a93c0984f998f97c0bf8d7f264acd6030739b9fb4d49194895c55ebfea2d6660074a15921c860f0ce5a4cbcf5e5fa50e0f341a2c7c1c769398df9b4d2fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe

Filesize
468KB

MD5
b83a228a560cba30307a907ab0a3e5ef

SHA1
a649f1f3b1b676a81a5cc90cdd24c6d2f69a45d1

SHA256
3e097f5b879c68ad1bc2e993677e5cc682886cd1f02ff112f3ce620635aeaffa

SHA512
64db46f7abd6998a933053ea16f37b7f52dc2886d931e3d24d19f24f652ebf8cd26dd8fcf08cc1de2de87defc3f5a6478e57d4465f73edadda1a76faa51268f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe

Filesize
468KB

MD5
50b6e48841c5c80005df417240f4cc93

SHA1
9ff75968483d6327029914bff98f145de3567eda

SHA256
7070747ee8082b2c702e813af582eaefa18067a27bf97bfc1ec5cd5e6502dc13

SHA512
3d609803f32cfde3b2a2e7514e7771b8f4a4adb16b57ebe2329246e186596289e1bfa6b4b6b2c084802e11b77628adb7b60e0c0b41d00a7ed6f3ca265b7fb3a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6089.exe

Filesize
468KB

MD5
b1305ae5f80a684abb47265ac26d450f

SHA1
8a26cc1464e6e51270e2fe33f2cd5b538931b66b

SHA256
496afc6aac77ad3bbbae0fed511d29afff025331cf9913eb2542819037672cd0

SHA512
9e7a3cf03365128469a626165e964c830c104d762cb6d4b153565ef1d06a317f2c56281d9da3f2d003fe09ada364e4b1748899f430332236536eccfdb90c6117

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe

Filesize
468KB

MD5
71ddfe47f5fbc09ef99ceee03b57d15d

SHA1
891ea0302d21e47b339d1766d7953aede1b19952

SHA256
9331f9595ff106710a6d0a0b21679bcdab4ac48e8aaa862e2e01077207b01ca1

SHA512
4efa89ad9a172e58c75b50aa873c9edf2162b30a010bd90b8d3662eb8dd9197b6b64b79cfd0908f29368c9d045d8019b5addaa04fed6b4f28fda75905bf59e28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe

Filesize
468KB

MD5
ebe1c64013d776f100cb7f8c4a63ff10

SHA1
70bd8775b6b0b961567b87fe2a8860b283354905

SHA256
a27570d1ef44d050091fff9ed806c697b1d90270cc40a1017bfbc0a5fe7ad381

SHA512
8a7b8be3c629fbe1b1625f56e034610fffc491378213cfdb007d341b8742ecc1eb1ff21407d8e9d3b79a85896e5e69fb71c1f83b8819bd97738b17053c9c5f20

Download Submit