e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de

Analysis

max time kernel
147s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe
Size

468KB
MD5

f6bfb2047bcaf5e705d8b1de99e4ec61
SHA1

7a563b3d6011848d5abeade1f5d73332714da4b5
SHA256

e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de
SHA512

b753c5c8f4fd9fca6fc664553e6aa46d5e17f23724395aa96476b4bd324a09dcf20fff029ee4b4a5ac06b46b1579968c8000893fc8801b16c8546b7b158ae383
SSDEEP

3072:44elogPaId57tbYKPzcfmbfD/n2DnvIH/QmyeQV5FRnI2kCSu1ulf:444ogb7thP4fmbfYa1URn3bSu1

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2236	Unicorn-55039.exe
2952	Unicorn-23685.exe
2904	Unicorn-44852.exe
2916	Unicorn-49388.exe
2792	Unicorn-29330.exe
2780	Unicorn-14285.exe
2796	Unicorn-16332.exe
1660	Unicorn-34095.exe
2080	Unicorn-59154.exe
588	Unicorn-27271.exe
3036	Unicorn-57705.exe
2444	Unicorn-13565.exe
2808	Unicorn-13565.exe
2296	Unicorn-50057.exe
2940	Unicorn-30456.exe
2220	Unicorn-31521.exe
2708	Unicorn-7379.exe
2284	Unicorn-39305.exe
2212	Unicorn-61033.exe
1076	Unicorn-41167.exe
1096	Unicorn-40037.exe
2160	Unicorn-20171.exe
1828	Unicorn-27022.exe
704	Unicorn-15532.exe
1472	Unicorn-11448.exe
2388	Unicorn-21462.exe
2100	Unicorn-33714.exe
1216	Unicorn-15340.exe
2400	Unicorn-23784.exe
1384	Unicorn-23519.exe
2492	Unicorn-49035.exe
884	Unicorn-23976.exe
1456	Unicorn-1370.exe
2216	Unicorn-21236.exe
964	Unicorn-54463.exe
2960	Unicorn-2661.exe
640	Unicorn-40395.exe
3008	Unicorn-14721.exe
3012	Unicorn-48563.exe
2784	Unicorn-48926.exe
2648	Unicorn-45439.exe
1744	Unicorn-51369.exe
2256	Unicorn-57499.exe
2812	Unicorn-57499.exe
2372	Unicorn-57499.exe
2928	Unicorn-60629.exe
2380	Unicorn-10197.exe
1684	Unicorn-56605.exe
432	Unicorn-62735.exe
2692	Unicorn-57690.exe
940	Unicorn-25787.exe
1444	Unicorn-17161.exe
692	Unicorn-9066.exe
1640	Unicorn-30831.exe
2932	Unicorn-30831.exe
2696	Unicorn-30566.exe
2116	Unicorn-18064.exe
2200	Unicorn-39553.exe
2520	Unicorn-58713.exe
1592	Unicorn-21018.exe
320	Unicorn-10664.exe
1556	Unicorn-59118.exe
236	Unicorn-38698.exe
1812	Unicorn-6196.exe

Loads dropped DLL 64 IoCs

pid	Process
2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe
2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe
2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe
2236	Unicorn-55039.exe
2236	Unicorn-55039.exe
2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe
2952	Unicorn-23685.exe
2952	Unicorn-23685.exe
2236	Unicorn-55039.exe
2236	Unicorn-55039.exe
2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe
2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe
2904	Unicorn-44852.exe
2904	Unicorn-44852.exe
2916	Unicorn-49388.exe
2916	Unicorn-49388.exe
2952	Unicorn-23685.exe
2952	Unicorn-23685.exe
2792	Unicorn-29330.exe
2792	Unicorn-29330.exe
2236	Unicorn-55039.exe
2236	Unicorn-55039.exe
2780	Unicorn-14285.exe
2780	Unicorn-14285.exe
2796	Unicorn-16332.exe
2796	Unicorn-16332.exe
2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe
2904	Unicorn-44852.exe
2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe
2904	Unicorn-44852.exe
1660	Unicorn-34095.exe
1660	Unicorn-34095.exe
2916	Unicorn-49388.exe
2916	Unicorn-49388.exe
588	Unicorn-27271.exe
588	Unicorn-27271.exe
2444	Unicorn-13565.exe
2444	Unicorn-13565.exe
2792	Unicorn-29330.exe
2792	Unicorn-29330.exe
2296	Unicorn-50057.exe
2296	Unicorn-50057.exe
2780	Unicorn-14285.exe
2780	Unicorn-14285.exe
2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe
2940	Unicorn-30456.exe
2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe
2940	Unicorn-30456.exe
2080	Unicorn-59154.exe
2080	Unicorn-59154.exe
2904	Unicorn-44852.exe
2904	Unicorn-44852.exe
2952	Unicorn-23685.exe
2952	Unicorn-23685.exe
3036	Unicorn-57705.exe
3036	Unicorn-57705.exe
2236	Unicorn-55039.exe
2808	Unicorn-13565.exe
2808	Unicorn-13565.exe
2236	Unicorn-55039.exe
2796	Unicorn-16332.exe
2796	Unicorn-16332.exe
2220	Unicorn-31521.exe
2220	Unicorn-31521.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16332.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4819.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe
2236	Unicorn-55039.exe
2952	Unicorn-23685.exe
2904	Unicorn-44852.exe
2916	Unicorn-49388.exe
2792	Unicorn-29330.exe
2796	Unicorn-16332.exe
2780	Unicorn-14285.exe
1660	Unicorn-34095.exe
2080	Unicorn-59154.exe
588	Unicorn-27271.exe
3036	Unicorn-57705.exe
2808	Unicorn-13565.exe
2444	Unicorn-13565.exe
2296	Unicorn-50057.exe
2940	Unicorn-30456.exe
2220	Unicorn-31521.exe
2708	Unicorn-7379.exe
2284	Unicorn-39305.exe
1076	Unicorn-41167.exe
2212	Unicorn-61033.exe
704	Unicorn-15532.exe
1828	Unicorn-27022.exe
2160	Unicorn-20171.exe
1096	Unicorn-40037.exe
1216	Unicorn-15340.exe
2388	Unicorn-21462.exe
1472	Unicorn-11448.exe
2100	Unicorn-33714.exe
2400	Unicorn-23784.exe
1384	Unicorn-23519.exe
2492	Unicorn-49035.exe
884	Unicorn-23976.exe
1456	Unicorn-1370.exe
964	Unicorn-54463.exe
2216	Unicorn-21236.exe
2960	Unicorn-2661.exe
640	Unicorn-40395.exe
2784	Unicorn-48926.exe
3012	Unicorn-48563.exe
3008	Unicorn-14721.exe
2648	Unicorn-45439.exe
2256	Unicorn-57499.exe
1744	Unicorn-51369.exe
2928	Unicorn-60629.exe
2812	Unicorn-57499.exe
2372	Unicorn-57499.exe
2380	Unicorn-10197.exe
1684	Unicorn-56605.exe
432	Unicorn-62735.exe
2692	Unicorn-57690.exe
940	Unicorn-25787.exe
1444	Unicorn-17161.exe
692	Unicorn-9066.exe
2932	Unicorn-30831.exe
1640	Unicorn-30831.exe
2696	Unicorn-30566.exe
2116	Unicorn-18064.exe
2200	Unicorn-39553.exe
2520	Unicorn-58713.exe
1592	Unicorn-21018.exe
1556	Unicorn-59118.exe
236	Unicorn-38698.exe
320	Unicorn-10664.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2236	2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe	30
PID 2936 wrote to memory of 2236	2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe	30
PID 2936 wrote to memory of 2236	2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe	30
PID 2936 wrote to memory of 2236	2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe	30
PID 2236 wrote to memory of 2952	2236	Unicorn-55039.exe	32
PID 2236 wrote to memory of 2952	2236	Unicorn-55039.exe	32
PID 2236 wrote to memory of 2952	2236	Unicorn-55039.exe	32
PID 2236 wrote to memory of 2952	2236	Unicorn-55039.exe	32
PID 2936 wrote to memory of 2904	2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe	31
PID 2936 wrote to memory of 2904	2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe	31
PID 2936 wrote to memory of 2904	2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe	31
PID 2936 wrote to memory of 2904	2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe	31
PID 2952 wrote to memory of 2916	2952	Unicorn-23685.exe	33
PID 2952 wrote to memory of 2916	2952	Unicorn-23685.exe	33
PID 2952 wrote to memory of 2916	2952	Unicorn-23685.exe	33
PID 2952 wrote to memory of 2916	2952	Unicorn-23685.exe	33
PID 2236 wrote to memory of 2792	2236	Unicorn-55039.exe	34
PID 2236 wrote to memory of 2792	2236	Unicorn-55039.exe	34
PID 2236 wrote to memory of 2792	2236	Unicorn-55039.exe	34
PID 2236 wrote to memory of 2792	2236	Unicorn-55039.exe	34
PID 2936 wrote to memory of 2780	2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe	35
PID 2936 wrote to memory of 2780	2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe	35
PID 2936 wrote to memory of 2780	2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe	35
PID 2936 wrote to memory of 2780	2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe	35
PID 2904 wrote to memory of 2796	2904	Unicorn-44852.exe	36
PID 2904 wrote to memory of 2796	2904	Unicorn-44852.exe	36
PID 2904 wrote to memory of 2796	2904	Unicorn-44852.exe	36
PID 2904 wrote to memory of 2796	2904	Unicorn-44852.exe	36
PID 2916 wrote to memory of 1660	2916	Unicorn-49388.exe	37
PID 2916 wrote to memory of 1660	2916	Unicorn-49388.exe	37
PID 2916 wrote to memory of 1660	2916	Unicorn-49388.exe	37
PID 2916 wrote to memory of 1660	2916	Unicorn-49388.exe	37
PID 2952 wrote to memory of 2080	2952	Unicorn-23685.exe	38
PID 2952 wrote to memory of 2080	2952	Unicorn-23685.exe	38
PID 2952 wrote to memory of 2080	2952	Unicorn-23685.exe	38
PID 2952 wrote to memory of 2080	2952	Unicorn-23685.exe	38
PID 2792 wrote to memory of 588	2792	Unicorn-29330.exe	39
PID 2792 wrote to memory of 588	2792	Unicorn-29330.exe	39
PID 2792 wrote to memory of 588	2792	Unicorn-29330.exe	39
PID 2792 wrote to memory of 588	2792	Unicorn-29330.exe	39
PID 2236 wrote to memory of 3036	2236	Unicorn-55039.exe	40
PID 2236 wrote to memory of 3036	2236	Unicorn-55039.exe	40
PID 2236 wrote to memory of 3036	2236	Unicorn-55039.exe	40
PID 2236 wrote to memory of 3036	2236	Unicorn-55039.exe	40
PID 2780 wrote to memory of 2444	2780	Unicorn-14285.exe	41
PID 2780 wrote to memory of 2444	2780	Unicorn-14285.exe	41
PID 2780 wrote to memory of 2444	2780	Unicorn-14285.exe	41
PID 2780 wrote to memory of 2444	2780	Unicorn-14285.exe	41
PID 2796 wrote to memory of 2808	2796	Unicorn-16332.exe	42
PID 2796 wrote to memory of 2808	2796	Unicorn-16332.exe	42
PID 2796 wrote to memory of 2808	2796	Unicorn-16332.exe	42
PID 2796 wrote to memory of 2808	2796	Unicorn-16332.exe	42
PID 2936 wrote to memory of 2296	2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe	43
PID 2936 wrote to memory of 2296	2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe	43
PID 2936 wrote to memory of 2296	2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe	43
PID 2936 wrote to memory of 2296	2936	e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe	43
PID 2904 wrote to memory of 2940	2904	Unicorn-44852.exe	44
PID 2904 wrote to memory of 2940	2904	Unicorn-44852.exe	44
PID 2904 wrote to memory of 2940	2904	Unicorn-44852.exe	44
PID 2904 wrote to memory of 2940	2904	Unicorn-44852.exe	44
PID 1660 wrote to memory of 2220	1660	Unicorn-34095.exe	45
PID 1660 wrote to memory of 2220	1660	Unicorn-34095.exe	45
PID 1660 wrote to memory of 2220	1660	Unicorn-34095.exe	45
PID 1660 wrote to memory of 2220	1660	Unicorn-34095.exe	45

C:\Users\Admin\AppData\Local\Temp\e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe
"C:\Users\Admin\AppData\Local\Temp\e60a5f31bfad4d3b34768e6abda33da8f353292c331a3e2e19acc6d1f4d5c1de.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55039.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55039.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34095.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31521.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23976.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10377.exe
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
        8⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
        8⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41878.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
        8⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        7⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31715.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
        7⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1370.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12673.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        7⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        7⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        6⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-268.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        6⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39553.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46913.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3114.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6907.exe
        8⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        8⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
        7⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11426.exe
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
        8⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5750.exe
        7⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33365.exe
        7⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57105.exe
        7⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
        7⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        6⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe
        6⤵
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
        6⤵
        
        PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2661.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
        6⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30726.exe
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
        7⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60826.exe
        7⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        6⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        6⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5271.exe
        6⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22336.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
        5⤵
        
        PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35574.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        5⤵
        
        PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        7⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14435.exe
        7⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36687.exe
        7⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30020.exe
        7⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
        7⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        6⤵
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        6⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe
        6⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
        6⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6196.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-758.exe
        6⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
        6⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52649.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53828.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5271.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        5⤵
        
        PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
        5⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17512.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25787.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        6⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38852.exe
        6⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45574.exe
        6⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65422.exe
        5⤵
        
        PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38987.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        6⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
        5⤵
        
        PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17161.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
        5⤵
        
        PID:896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33137.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1154.exe
        5⤵
        
        PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
      4⤵
      PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2880.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30587.exe
      4⤵
      PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57255.exe
      4⤵
      PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29330.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44256.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19121.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30319.exe
        8⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58672.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        7⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        7⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22956.exe
        7⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        7⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        6⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
        7⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9707.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        7⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10896.exe
        7⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        6⤵
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34047.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13802.exe
        6⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        6⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
        6⤵
        
        PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        5⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7612.exe
        6⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3121.exe
        6⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
        5⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57310.exe
        5⤵
        
        PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40395.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        6⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10238.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
        6⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
        6⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        5⤵
        
        PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
        5⤵
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe
        5⤵
        
        PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14721.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64126.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
        5⤵
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48251.exe
        5⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        5⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        5⤵
        
        PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22336.exe
      4⤵
      PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        5⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
        5⤵
        
        PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
      4⤵
      PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
      4⤵
      PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
      4⤵
      PID:4136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30831.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59357.exe
        6⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6428.exe
        7⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        7⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12525.exe
        7⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1154.exe
        7⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
        6⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        6⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58556.exe
        6⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8712.exe
        5⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49792.exe
        5⤵
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52318.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        5⤵
        
        PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
        5⤵
        
        PID:524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41583.exe
        5⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6226.exe
        5⤵
        
        PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
      4⤵
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13287.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27754.exe
      4⤵
      PID:332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
      4⤵
      PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50169.exe
      4⤵
      PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
      4⤵
      PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
      4⤵
      PID:4820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23519.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
        5⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53368.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19402.exe
        5⤵
        
        PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
      4⤵
      PID:1192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
      4⤵
      PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
      4⤵
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
      4⤵
      PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
      4⤵
      PID:5968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
      4⤵
      PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
      4⤵
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
      4⤵
      PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27443.exe
      4⤵
      PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17337.exe
      4⤵
      PID:5432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
    3⤵
    PID:3400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9056.exe
    3⤵
    PID:3508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
    3⤵
    PID:4940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
    3⤵
    PID:4048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16332.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23784.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        7⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10606.exe
        7⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        7⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23591.exe
        6⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        6⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48275.exe
        7⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17337.exe
        6⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38987.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
        6⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64910.exe
        6⤵
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61831.exe
        5⤵
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61220.exe
        5⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        5⤵
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62640.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
        6⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        5⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42390.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62640.exe
        5⤵
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        5⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
        6⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5271.exe
        5⤵
        
        PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49357.exe
      4⤵
      PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
      4⤵
      PID:844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
      4⤵
      PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56952.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30456.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15532.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe
        5⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        6⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29318.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9725.exe
        6⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12916.exe
        6⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63113.exe
        5⤵
        
        PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45708.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37299.exe
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        5⤵
        
        PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44261.exe
      4⤵
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38987.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45640.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        5⤵
        
        PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41878.exe
      4⤵
      PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
      4⤵
      PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
      4⤵
      PID:6000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21462.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9066.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48287.exe
        5⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61720.exe
        5⤵
        
        PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55963.exe
      4⤵
      PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
      4⤵
      PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16949.exe
      4⤵
      PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18491.exe
      4⤵
      PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
      4⤵
      PID:1664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
      4⤵
      PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
      4⤵
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
      4⤵
      PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55432.exe
      4⤵
      PID:4816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe
    3⤵
    PID:1468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36735.exe
    3⤵
    PID:2360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
    3⤵
    PID:3792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13047.exe
    3⤵
    PID:3192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
    3⤵
    PID:4868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
    3⤵
    PID:4576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61033.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        6⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24925.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        6⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
        5⤵
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-275.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        5⤵
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38698.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        5⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        5⤵
        
        PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36268.exe
      4⤵
      PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
      4⤵
      PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
      4⤵
      PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57105.exe
      4⤵
      PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
      4⤵
      PID:5900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20171.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45439.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49622.exe
        5⤵
        
        PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10238.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33735.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50232.exe
        5⤵
        
        PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
      4⤵
      PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16803.exe
      4⤵
      PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5118.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
      4⤵
      PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
      4⤵
      PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34358.exe
      4⤵
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28833.exe
      4⤵
      PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
      4⤵
      PID:4548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
    3⤵
    PID:868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59436.exe
    3⤵
    PID:1848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27994.exe
    3⤵
    PID:3312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
    3⤵
    PID:1312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
    3⤵
    PID:5888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40037.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30831.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
        5⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        6⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
        6⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52701.exe
        6⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65240.exe
        6⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
        6⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        5⤵
        
        PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47330.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42552.exe
        5⤵
        
        PID:596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
        5⤵
        
        PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65423.exe
      4⤵
      PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6211.exe
      4⤵
      PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
      4⤵
      PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
      4⤵
      PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
      4⤵
      PID:4740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
      4⤵
      PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24154.exe
      4⤵
      PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25851.exe
      4⤵
      PID:2308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
    3⤵
    PID:2712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
    3⤵
    PID:3848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
    3⤵
    PID:3440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
    3⤵
    PID:4248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
    3⤵
    PID:5240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27022.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27022.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62735.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
      4⤵
      PID:1376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12673.exe
      4⤵
      PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
      4⤵
      PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
      4⤵
      PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62110.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
    3⤵
    PID:3004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
    3⤵
    PID:3360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
    3⤵
    PID:3684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
    3⤵
    PID:4876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe
    3⤵
    PID:2876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18515.exe
    3⤵
    PID:3464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
    3⤵
    PID:3676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
    3⤵
    PID:4148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
    3⤵
    PID:5864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42594.exe
    3⤵
    PID:4288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
    3⤵
    PID:5060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
    3⤵
    PID:5556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32270.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32270.exe
  2⤵
  PID:776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11261.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11261.exe
  2⤵
  PID:4040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11912.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11912.exe
  2⤵
  PID:3340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
  2⤵
  PID:4824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2206.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2206.exe
  2⤵
  PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22956.exe

Filesize
468KB

MD5
bd319a7cded52beaf893079c9f94655d

SHA1
a6d4b259dc72ae105466ef23b76426d441bc4903

SHA256
5ca48eca1224c719560cda7437ac7def3fbe56fcd26946c4e2c888673654017e

SHA512
2a2c9fcb09bc2eb9f173cb82e6d4f245c8bf3965b964ab3a6c624ed3bda4022c898a06285571989ff0be61c9cfb93dde97124bee57ace1f6bc9a3211d883d335

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe

Filesize
468KB

MD5
db2b9debfc49ebfdf55fd35f5c0b9708

SHA1
69578e996b5956e37e0340742b1a0c7c52a90834

SHA256
d44436cb4004a31e7e48006978e87435b6045d42495f6791ea711f2580495407

SHA512
d9300bbfdbcadadb8e92774c643dfa771ada554f8fc0bfff0d2a3cb44e12ca0df6d407d9292dcdab40b0d0fee496eb51c787c4da27de830776912371417bf32a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-275.exe

Filesize
468KB

MD5
feebda6b6c03457c4923909515042847

SHA1
788d3d5c91f095f90065352982799ff1527772a3

SHA256
717aa77417ca0ff28500ab0e937374256e08b12731f25cbc38611579ecf46f83

SHA512
64d24355f57edeadca6dfcb25cc2a287fe6bc4d15c9ca322349d8adbb7df1ea1a192b4b0864836dfa77dd06f4190dcc0a8e92e08e241d0b6683c7e7eda16ebc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30456.exe

Filesize
468KB

MD5
b12600cf751ca6a7f227e4881256c40a

SHA1
4f3ce1b78bfe9823483916bca48ff3ccef9932f5

SHA256
be6b4f4b55b955c3560dd0262aa3ee904c964fe281f7310a875604ae5da03fde

SHA512
99ca74f474455551051ed467378aaad1c2a2371af7224413a82465bad751802caf1ee7088c46c892468754fb5e9066e240e8572d193e6b941afb985599bb189d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36687.exe

Filesize
468KB

MD5
60575e728eaee6adb01f8a0e1f8e8a99

SHA1
cf0b9a5f0e442fd520b0b1c21bd220908851865b

SHA256
7bd368d48afd77df751f09dea60447af9eb4f0cc4d91b11ba5383e27a8728644

SHA512
387556abdaa0ae3c58469b53de60036de15875097332005783ed3241f39082cb678fbf5859c256c021fe0590bbd13c8acfac7aca915405397c3ca7fe5834b11a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe

Filesize
468KB

MD5
7482a7ccf19741287a25ca00effdfc16

SHA1
d35a79972001ad405cada152f2f787c0503ebbea

SHA256
e23eb88906b9f0333ce170328cfe51ebba66d5b54aa0700e6402dc14117b2cd4

SHA512
cbea6748c18aaca80686d909d0a9a93bb65a04f1b793d14b16aca35187bab32c1de552af8f32343395975d59d2d4867cf6c5ceca2a7adda0e810fbef21db0b00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42390.exe

Filesize
468KB

MD5
9340aa2b92a38a00b223d6c654ea9574

SHA1
dd1b934436c6a7010ba2fde1fb2dc429e8df524a

SHA256
4d08f40ad6e5e63d3c123bf17df25b820e437a154d6f9baa3de0c6adaa1ec955

SHA512
6a1bc5afed8fe6036810212a0ce4d25ccc5e95b30c101f4a01258e7201c0b10c56405c8c5f0d708c0f599484552a06c42978aa83af88915eafaaf42a18b1f1d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45708.exe

Filesize
468KB

MD5
8a57c27095cdb585eb9913a858ac4135

SHA1
749a108e2d9d5149e03427e5f355238817399cec

SHA256
c2341edcacb3604fe632d1fc5e590a494fe30796c5b2be84795dfe636a1da106

SHA512
0d1f2dd8e63c2ff96fa41746e5ea84eb01f8508bf419065cc23ebdec1930bc84aec008af96f33776395658f00fb125ada97c977ccfc0d97ca89a1736cd7c8590

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe

Filesize
468KB

MD5
b12a732d4d2666e1530c16e7fc914408

SHA1
c410afc0b687ffc5d7d8e3b5eb86beb47c5e26bd

SHA256
0614d9c2ebd1901f56b79632a68c254dbc736514672d6ee72d8200bf579c7fbe

SHA512
d46cfdf1234146d07368b17a12dd7f2c68063e0773466d1fe14da620c66caab5b0444ebb117a7ccd9e2946b75687395322a01ed54f66add26755ab1c9fafa1ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe

Filesize
468KB

MD5
c7d10727777d6c77911d679ee86cb273

SHA1
cad92d2bcafb4ebf9e28dd17f73064b314dc8fd8

SHA256
36ca04fc035a14eaf788ac60ee964fccd42c4d7e2e3c81ce2e530631fc4d9d5d

SHA512
2373738d81a84bd90d4fbbcc9dc057dfcedbeba3068cbd434481c71e71baf4932eada9ee555be54793c728937628ad78f8ee16c799e878b8821d69ba4e3f118c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe

Filesize
468KB

MD5
5a03fcb5e33b9e897c9934d5f1164852

SHA1
88474d768230c529ea4e9ede72135881416a06c4

SHA256
cdd9b2f49001c24ce310d730495ac1e0ed39b2b5f7ede610bf82da1aa21a25cc

SHA512
a36a96fdc07597962a853e54525d9dcdb36d1fd3dbaf1f701f645fcb6454e135feaae17bad1c6490333c777dbbe9210b55d7331505955c829fc6cd05eb71c89d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7612.exe

Filesize
468KB

MD5
3eacfa3f374cb99294bebf9bcc35013d

SHA1
bc61865260a4c2bc744a9c41ee319d5be0e2b2b6

SHA256
2ec4b5866545fb89e3441b543c8c417d5397e3502598fd1e0176f87a4b8eff45

SHA512
8ae4e1f37405c5b64d1c0283a47b97661208b5fed2cacf877e04dbfacabb01e2d4986a48a7d9e64cddc06da4af4e52a459058b1b695640801f6c42f9a823b672

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe

Filesize
468KB

MD5
bd4171d89fcb664c9b32634c549e9e60

SHA1
bdeaf402d6371205b4c18842bb88cdbb8fae37d1

SHA256
1d8123010c8f1cf903bf044074bcf9ffb1eaf0f05e47ba4176e42f414377511b

SHA512
3c73afd3df0ebfa3b9d6277b76912b03f1e426e460444d0c0f4b532a91d7a8e3ed266d466cf5c65475770f0a170e2d0d9b952d3319f84485a6034f539f183440

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe

Filesize
468KB

MD5
4477172413a401902f19d44ebf592666

SHA1
3bbe25d05bc2fb088188e2e6911ad8f75dbd6343

SHA256
553a6287c5d929c53c55b0b112640a7f9e697e001a7b446a3577b892a53f6201

SHA512
c5ec4a5c31c0b391280f05334df0ebaab156e1a3b51be4b4ac2eab4dae87850ded5bdad0ca3ceded9b1ad876d2e29aa786b8562dba54380af40316b4545129d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16332.exe

Filesize
468KB

MD5
3a67bdeb1328fcae36247c5d8ac1da79

SHA1
a5517bf502ecaa32661d1fd968e9a18ad7298862

SHA256
60ab2a9c14a512351744fdafa91939b10d4fbe1796c456292ad08390612ad068

SHA512
daaf94cdc0dd117bb0c3f14467011e1821ec5653e28f38669aabf2d276d09185f6e626618456de02af223c50d436dde3935db32e3016f187f4d2ddcfee2e5715

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe

Filesize
468KB

MD5
9a32a59ca725d9bec4b8251c473da033

SHA1
273c987970653a9b8b7e8368c534a9a847d41204

SHA256
3f3e84a65ff0c2b63567923342ccf483878c8df619b93d8789db60165c281611

SHA512
8aacf8b87c085c57ea93a42ac700ee79c3888f9585e4bf14fd8dd7e58a5e2adbff3c937cc5bf34c6333f8afba875b36103cb9c8f43b41d8aa61df282bf5fea27

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe

Filesize
468KB

MD5
b7120159d797a9c6ad3d2c9cd9bbbb64

SHA1
e7a4d8483a334c3e7bb6fb9e2ff26b720cb32a43

SHA256
9aa6d7d0758d8e9478727c8c2f4fea6025800f85798efdeba293e5ca40f31ddc

SHA512
7a2cb1329d7b2436a977f90474be65c5a95a99bcd760dcb836186ea20f1b45d088925bfaac8b2c9bfdeb164409e707d82b48cbc519e8c48198dc59bd1868da0b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29330.exe

Filesize
468KB

MD5
734eec1ce32b8a4fccae7eb83753e45b

SHA1
d8291d201c9cb458cdbe39f13cb139ae05cb711a

SHA256
bc0db80a2e50f22bbf914ce27fc857b2ebc12c6ae2242b9509c50f4514d16e0f

SHA512
e4e5972364f16b39bed943189d2288c7f74911b55ce60175b5785e9be1ba09a9a6cbc4fdf6d3fa623216f05f4ce6de05298d8d14e8d65458b829aa3b90b46e30

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31521.exe

Filesize
468KB

MD5
cdc4ec649ef3d234fd40014877fe3af7

SHA1
4eb66365113fda85b2d035ea85d14c49e4e3203a

SHA256
6dab658150c649477abbec1665c9dd7c1ca32e10f7c04ca70fabde2d47533c57

SHA512
11644b0989879831d55277ee026c88fa549e89a42cec1ffec5ea476219bddaca7cc86c5e4a04397d14f10844e339a2d05dca24fa9a451f039bb986dab730af76

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34095.exe

Filesize
468KB

MD5
467a2d2cafcb42efedac59ab72857992

SHA1
68c00743a6654b8de04404ec78176a5e41cd6daf

SHA256
1c18de9a90c09ea5eaa510dc5f897476451b60815a4f14d334d5e7ffd67fe819

SHA512
cc3d685c1b1465cb44d91825444bd6c497ba715ef346d6c933529c6ea0785d85834b3d30c523a964270cdc74cd5aed7949a38ecdc3d357d9167dc98650c35e0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe

Filesize
468KB

MD5
52b067b83cf9d9f4dd103eb5ae97b303

SHA1
0b2bff022618c46fb2690a40ba3c94b4ff926c6d

SHA256
756d2723debfdd597a34195f583dbaf04788c8130109dfd3a35498233b3d9a7e

SHA512
b4697fac065b64bb9164d037ff8044934eacab760c735d2ce8edc15d71e02a41443dba5460404f373d6cd57b86171c321b7393e82ba9a6968add4c103423b960

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe

Filesize
468KB

MD5
0012db76d26a687ee4e58ba16ec66031

SHA1
2ab4bf859a9b0daa009938550a7e6e95f7635db3

SHA256
2d4d15806de729272f0fafa2f34143c3095ca9996ddde444e53afb5b239962ca

SHA512
47da400bd9b56d2701c0f5f1848170e15273d179d95d12d57305162f62a5311a5828afb4457ff42a1580ef2764acd83b36686c2f6c554b0bcccd3f8db316f0f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe

Filesize
468KB

MD5
d21945b99f1d2f02f27e094c363f42fc

SHA1
06781fb3705bddaae682c52ab5d3f984c13bbb14

SHA256
2de2e22af77be906a7cee175acdd9cb7bce93462cd6d1b8e3e60887532711b96

SHA512
5aca06c4d6ba844623eed9dd3434da15f3c67a8e2f2e084609994babb10bfe07b45dfb065dce0893fefd39f82671e2b0c93f1f2838736c09ce9f42427f80c0e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55039.exe

Filesize
468KB

MD5
f012f1a7d1d81d749a616a390aeaa8a1

SHA1
ec9bc7672b3581e0c80e565235383e75487d2d02

SHA256
6558b1181c79c8224438f9bdb2aa6f0dc34d3903eef848a312df958d65d1ef51

SHA512
7208e44289d1f0357fa5be0a642bb83637ab82782443062270e24942fd4bac26e0edcdae76d6e4174874c22169dd837d03905a4b6333eda87671a9a4a814a0da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe

Filesize
468KB

MD5
78f366332903b7e53bf9b9b4e0943c45

SHA1
62ad841bf2664431ebfb2c8d3b6ad00aad04ed79

SHA256
565423c3b1a33421e9a53cfeab80733456d41dbd61952c6d318f401990a92f7f

SHA512
56954bdbdf5a10f6df91e11ddb488871be52ede020098a230ca1b21af43aacf2a58fb8d6601ea104a6d4556a09cf9e22e702d8544ddcd19deec1dfc83dafb910

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe

Filesize
468KB

MD5
29321f6cd8039fedb4caa45ca0a5a936

SHA1
93291d55fb00fc35ed7f8a241dfb25ebb3e4efb4

SHA256
7bb0835a7138a35c8e77772f1cd41c6abea4110ab7dd9436c39c436d13300b64

SHA512
207f82b73430b385965f9e6586fb682acf0375bf9d144eecf0a7cc2e691405dfd54ca465f678de2b369d95fb5bd3e2f30de345810650e28751c18d82ec430cef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe

Filesize
468KB

MD5
16aa9b0383c773edd9659156aa7de10b

SHA1
1a72328a2f86d4b3a5b7cc135f1ff9c7b8173e0d

SHA256
1414d7cff1add27613e3d2796ebea2cd604d7b4688d5091f6be735ff0bb6e91d

SHA512
2f2dd05ac20b78626ba80c00e1a3fdfce8df1b2063c6bd0ba10209f1a4a222e08e46cdc4c12a05c4814191c8df3c2243f626badcdb827e44c4b47aeae75eea86

Download Submit