e66d96bce6c155b3a02c19f6f2216203cd5d16f86dd6aa2f4d87bb92110b430e

Analysis

max time kernel
112s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0976373a4495a33f84730b23a94168b0N.exe
Size

468KB
MD5

0976373a4495a33f84730b23a94168b0
SHA1

1ed85c113dba6fd061780f31dd4a283afa1e3369
SHA256

e66d96bce6c155b3a02c19f6f2216203cd5d16f86dd6aa2f4d87bb92110b430e
SHA512

ba6768f79275d2ecfe8a22483660d400ee6f0d18e3f2e339d5456f9bccf6c6dcc342468df676c4ff5102005dcc498e505ee619999d1b9f4b6b63b6ebce87c35e
SSDEEP

3072:8ufCotlZI03YtbHEPzcjff/sEWhW+Ipp81HCkdUUxR1cBSbFQXlV:8uqoaOYtYP4jff40VmxRKUbFQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2948	Unicorn-3344.exe
2720	Unicorn-28398.exe
2104	Unicorn-56432.exe
2768	Unicorn-21186.exe
2548	Unicorn-16316.exe
2656	Unicorn-14278.exe
2780	Unicorn-27277.exe
2604	Unicorn-41505.exe
2180	Unicorn-31836.exe
2884	Unicorn-27390.exe
2120	Unicorn-19414.exe
2512	Unicorn-65085.exe
1264	Unicorn-8780.exe
1740	Unicorn-27419.exe
1440	Unicorn-6087.exe
2844	Unicorn-2750.exe
692	Unicorn-52060.exe
1820	Unicorn-64141.exe
2764	Unicorn-32458.exe
2164	Unicorn-15345.exe
2192	Unicorn-60140.exe
1500	Unicorn-14468.exe
1540	Unicorn-12200.exe
1648	Unicorn-38625.exe
1140	Unicorn-55418.exe
1572	Unicorn-46872.exe
1604	Unicorn-57840.exe
592	Unicorn-25351.exe
396	Unicorn-61588.exe
2312	Unicorn-7789.exe
2400	Unicorn-53237.exe
2456	Unicorn-59367.exe
2168	Unicorn-52652.exe
2236	Unicorn-46522.exe
1716	Unicorn-40954.exe
2208	Unicorn-38428.exe
2364	Unicorn-38355.exe
2740	Unicorn-2418.exe
2664	Unicorn-4603.exe
3032	Unicorn-58827.exe
2808	Unicorn-14446.exe
2776	Unicorn-20577.exe
2560	Unicorn-50104.exe
3040	Unicorn-60457.exe
2124	Unicorn-52289.exe
1868	Unicorn-27977.exe
1288	Unicorn-44432.exe
2580	Unicorn-38567.exe
2028	Unicorn-3124.exe
2156	Unicorn-30281.exe
2888	Unicorn-2164.exe
2912	Unicorn-63062.exe
852	Unicorn-62684.exe
1812	Unicorn-25403.exe
944	Unicorn-29273.exe
1912	Unicorn-35107.exe
2320	Unicorn-13024.exe
2024	Unicorn-19456.exe
1200	Unicorn-19456.exe
1316	Unicorn-40622.exe
924	Unicorn-44099.exe
828	Unicorn-58781.exe
2608	Unicorn-13730.exe
880	Unicorn-19861.exe

Loads dropped DLL 64 IoCs

pid	Process
1568	0976373a4495a33f84730b23a94168b0N.exe
1568	0976373a4495a33f84730b23a94168b0N.exe
2948	Unicorn-3344.exe
1568	0976373a4495a33f84730b23a94168b0N.exe
2948	Unicorn-3344.exe
1568	0976373a4495a33f84730b23a94168b0N.exe
2720	Unicorn-28398.exe
2720	Unicorn-28398.exe
1568	0976373a4495a33f84730b23a94168b0N.exe
2104	Unicorn-56432.exe
1568	0976373a4495a33f84730b23a94168b0N.exe
2104	Unicorn-56432.exe
2948	Unicorn-3344.exe
2948	Unicorn-3344.exe
2768	Unicorn-21186.exe
2768	Unicorn-21186.exe
2720	Unicorn-28398.exe
2720	Unicorn-28398.exe
2656	Unicorn-14278.exe
2656	Unicorn-14278.exe
2104	Unicorn-56432.exe
2780	Unicorn-27277.exe
2780	Unicorn-27277.exe
2104	Unicorn-56432.exe
2948	Unicorn-3344.exe
1568	0976373a4495a33f84730b23a94168b0N.exe
1568	0976373a4495a33f84730b23a94168b0N.exe
2948	Unicorn-3344.exe
2604	Unicorn-41505.exe
2604	Unicorn-41505.exe
2768	Unicorn-21186.exe
2768	Unicorn-21186.exe
2548	Unicorn-16316.exe
2548	Unicorn-16316.exe
2180	Unicorn-31836.exe
2180	Unicorn-31836.exe
2720	Unicorn-28398.exe
2720	Unicorn-28398.exe
2120	Unicorn-19414.exe
2120	Unicorn-19414.exe
2780	Unicorn-27277.exe
2780	Unicorn-27277.exe
2884	Unicorn-27390.exe
2884	Unicorn-27390.exe
2656	Unicorn-14278.exe
2656	Unicorn-14278.exe
2948	Unicorn-3344.exe
2948	Unicorn-3344.exe
1264	Unicorn-8780.exe
1264	Unicorn-8780.exe
1568	0976373a4495a33f84730b23a94168b0N.exe
2104	Unicorn-56432.exe
1568	0976373a4495a33f84730b23a94168b0N.exe
2104	Unicorn-56432.exe
1440	Unicorn-6087.exe
1440	Unicorn-6087.exe
2844	Unicorn-2750.exe
2604	Unicorn-41505.exe
2844	Unicorn-2750.exe
2604	Unicorn-41505.exe
692	Unicorn-52060.exe
2768	Unicorn-21186.exe
692	Unicorn-52060.exe
2768	Unicorn-21186.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0976373a4495a33f84730b23a94168b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4603.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11526.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18318.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1568	0976373a4495a33f84730b23a94168b0N.exe
2948	Unicorn-3344.exe
2720	Unicorn-28398.exe
2104	Unicorn-56432.exe
2768	Unicorn-21186.exe
2548	Unicorn-16316.exe
2780	Unicorn-27277.exe
2656	Unicorn-14278.exe
2604	Unicorn-41505.exe
2180	Unicorn-31836.exe
2120	Unicorn-19414.exe
1264	Unicorn-8780.exe
2884	Unicorn-27390.exe
1740	Unicorn-27419.exe
2512	Unicorn-65085.exe
1440	Unicorn-6087.exe
2844	Unicorn-2750.exe
692	Unicorn-52060.exe
1820	Unicorn-64141.exe
2764	Unicorn-32458.exe
2164	Unicorn-15345.exe
2192	Unicorn-60140.exe
1500	Unicorn-14468.exe
1540	Unicorn-12200.exe
1572	Unicorn-46872.exe
1648	Unicorn-38625.exe
1140	Unicorn-55418.exe
1604	Unicorn-57840.exe
592	Unicorn-25351.exe
2312	Unicorn-7789.exe
396	Unicorn-61588.exe
2456	Unicorn-59367.exe
2400	Unicorn-53237.exe
2236	Unicorn-46522.exe
2168	Unicorn-52652.exe
1716	Unicorn-40954.exe
2364	Unicorn-38355.exe
2740	Unicorn-2418.exe
2208	Unicorn-38428.exe
2664	Unicorn-4603.exe
3032	Unicorn-58827.exe
2808	Unicorn-14446.exe
2776	Unicorn-20577.exe
2560	Unicorn-50104.exe
1288	Unicorn-44432.exe
2124	Unicorn-52289.exe
3040	Unicorn-60457.exe
1868	Unicorn-27977.exe
2028	Unicorn-3124.exe
2156	Unicorn-30281.exe
2580	Unicorn-38567.exe
2888	Unicorn-2164.exe
2912	Unicorn-63062.exe
852	Unicorn-62684.exe
1812	Unicorn-25403.exe
944	Unicorn-29273.exe
1912	Unicorn-35107.exe
1200	Unicorn-19456.exe
2320	Unicorn-13024.exe
2024	Unicorn-19456.exe
1316	Unicorn-40622.exe
924	Unicorn-44099.exe
828	Unicorn-58781.exe
880	Unicorn-19861.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 2948	1568	0976373a4495a33f84730b23a94168b0N.exe	29
PID 1568 wrote to memory of 2948	1568	0976373a4495a33f84730b23a94168b0N.exe	29
PID 1568 wrote to memory of 2948	1568	0976373a4495a33f84730b23a94168b0N.exe	29
PID 1568 wrote to memory of 2948	1568	0976373a4495a33f84730b23a94168b0N.exe	29
PID 1568 wrote to memory of 2720	1568	0976373a4495a33f84730b23a94168b0N.exe	31
PID 1568 wrote to memory of 2720	1568	0976373a4495a33f84730b23a94168b0N.exe	31
PID 1568 wrote to memory of 2720	1568	0976373a4495a33f84730b23a94168b0N.exe	31
PID 1568 wrote to memory of 2720	1568	0976373a4495a33f84730b23a94168b0N.exe	31
PID 2948 wrote to memory of 2104	2948	Unicorn-3344.exe	30
PID 2948 wrote to memory of 2104	2948	Unicorn-3344.exe	30
PID 2948 wrote to memory of 2104	2948	Unicorn-3344.exe	30
PID 2948 wrote to memory of 2104	2948	Unicorn-3344.exe	30
PID 2720 wrote to memory of 2768	2720	Unicorn-28398.exe	32
PID 2720 wrote to memory of 2768	2720	Unicorn-28398.exe	32
PID 2720 wrote to memory of 2768	2720	Unicorn-28398.exe	32
PID 2720 wrote to memory of 2768	2720	Unicorn-28398.exe	32
PID 1568 wrote to memory of 2548	1568	0976373a4495a33f84730b23a94168b0N.exe	33
PID 1568 wrote to memory of 2548	1568	0976373a4495a33f84730b23a94168b0N.exe	33
PID 1568 wrote to memory of 2548	1568	0976373a4495a33f84730b23a94168b0N.exe	33
PID 1568 wrote to memory of 2548	1568	0976373a4495a33f84730b23a94168b0N.exe	33
PID 2104 wrote to memory of 2656	2104	Unicorn-56432.exe	34
PID 2104 wrote to memory of 2656	2104	Unicorn-56432.exe	34
PID 2104 wrote to memory of 2656	2104	Unicorn-56432.exe	34
PID 2104 wrote to memory of 2656	2104	Unicorn-56432.exe	34
PID 2948 wrote to memory of 2780	2948	Unicorn-3344.exe	35
PID 2948 wrote to memory of 2780	2948	Unicorn-3344.exe	35
PID 2948 wrote to memory of 2780	2948	Unicorn-3344.exe	35
PID 2948 wrote to memory of 2780	2948	Unicorn-3344.exe	35
PID 2768 wrote to memory of 2604	2768	Unicorn-21186.exe	36
PID 2768 wrote to memory of 2604	2768	Unicorn-21186.exe	36
PID 2768 wrote to memory of 2604	2768	Unicorn-21186.exe	36
PID 2768 wrote to memory of 2604	2768	Unicorn-21186.exe	36
PID 2720 wrote to memory of 2180	2720	Unicorn-28398.exe	37
PID 2720 wrote to memory of 2180	2720	Unicorn-28398.exe	37
PID 2720 wrote to memory of 2180	2720	Unicorn-28398.exe	37
PID 2720 wrote to memory of 2180	2720	Unicorn-28398.exe	37
PID 2656 wrote to memory of 2884	2656	Unicorn-14278.exe	38
PID 2656 wrote to memory of 2884	2656	Unicorn-14278.exe	38
PID 2656 wrote to memory of 2884	2656	Unicorn-14278.exe	38
PID 2656 wrote to memory of 2884	2656	Unicorn-14278.exe	38
PID 2780 wrote to memory of 2120	2780	Unicorn-27277.exe	40
PID 2780 wrote to memory of 2120	2780	Unicorn-27277.exe	40
PID 2780 wrote to memory of 2120	2780	Unicorn-27277.exe	40
PID 2780 wrote to memory of 2120	2780	Unicorn-27277.exe	40
PID 2104 wrote to memory of 2512	2104	Unicorn-56432.exe	39
PID 2104 wrote to memory of 2512	2104	Unicorn-56432.exe	39
PID 2104 wrote to memory of 2512	2104	Unicorn-56432.exe	39
PID 2104 wrote to memory of 2512	2104	Unicorn-56432.exe	39
PID 1568 wrote to memory of 1264	1568	0976373a4495a33f84730b23a94168b0N.exe	42
PID 1568 wrote to memory of 1264	1568	0976373a4495a33f84730b23a94168b0N.exe	42
PID 1568 wrote to memory of 1264	1568	0976373a4495a33f84730b23a94168b0N.exe	42
PID 1568 wrote to memory of 1264	1568	0976373a4495a33f84730b23a94168b0N.exe	42
PID 2948 wrote to memory of 1740	2948	Unicorn-3344.exe	41
PID 2948 wrote to memory of 1740	2948	Unicorn-3344.exe	41
PID 2948 wrote to memory of 1740	2948	Unicorn-3344.exe	41
PID 2948 wrote to memory of 1740	2948	Unicorn-3344.exe	41
PID 2604 wrote to memory of 1440	2604	Unicorn-41505.exe	43
PID 2604 wrote to memory of 1440	2604	Unicorn-41505.exe	43
PID 2604 wrote to memory of 1440	2604	Unicorn-41505.exe	43
PID 2604 wrote to memory of 1440	2604	Unicorn-41505.exe	43
PID 2768 wrote to memory of 2844	2768	Unicorn-21186.exe	44
PID 2768 wrote to memory of 2844	2768	Unicorn-21186.exe	44
PID 2768 wrote to memory of 2844	2768	Unicorn-21186.exe	44
PID 2768 wrote to memory of 2844	2768	Unicorn-21186.exe	44

C:\Users\Admin\AppData\Local\Temp\0976373a4495a33f84730b23a94168b0N.exe
"C:\Users\Admin\AppData\Local\Temp\0976373a4495a33f84730b23a94168b0N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27390.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
        8⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
        8⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
        7⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
        7⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
        7⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        7⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58257.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
        6⤵
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62484.exe
        6⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46643.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
        6⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60457.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55078.exe
        7⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        7⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40363.exe
        6⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        6⤵
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28614.exe
        6⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exe
        6⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3945.exe
        6⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57297.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37280.exe
        5⤵
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3413.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
        5⤵
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56891.exe
        5⤵
        
        PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65085.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        7⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49982.exe
        7⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        7⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29398.exe
        6⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
        6⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20165.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55503.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        6⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
        5⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59106.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46859.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52289.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-364.exe
        6⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        6⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        6⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
        6⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29760.exe
        6⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        5⤵
        
        PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        5⤵
        
        PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28614.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
        5⤵
        
        PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16387.exe
        5⤵
        
        PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48440.exe
      4⤵
      PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20745.exe
      4⤵
      PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
      4⤵
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
      4⤵
      PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51556.exe
      4⤵
      PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27277.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        7⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11526.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
        6⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
        6⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47438.exe
        6⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51877.exe
        6⤵
        
        PID:236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25441.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10601.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        6⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
        5⤵
        
        PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42577.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8760.exe
        5⤵
        
        PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exe
        6⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
        6⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe
        6⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38388.exe
        6⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4821.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21450.exe
        5⤵
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45666.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21123.exe
        5⤵
        
        PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12691.exe
        5⤵
        
        PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48999.exe
      4⤵
      PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32520.exe
      4⤵
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
      4⤵
      PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2418.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61277.exe
        5⤵
        
        PID:676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51877.exe
        5⤵
        
        PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25441.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
        5⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
      4⤵
      PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
      4⤵
      PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
      4⤵
      PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
      4⤵
      PID:4716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38625.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63062.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65456.exe
        5⤵
        
        PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
      4⤵
      PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20637.exe
      4⤵
      PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
      4⤵
      PID:4476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62684.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18825.exe
      4⤵
      PID:4280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
    3⤵
    PID:1628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
    3⤵
    PID:2752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32113.exe
    3⤵
    PID:3796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39677.exe
    3⤵
    PID:3104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7625.exe
    3⤵
    PID:4356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28398.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28398.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6087.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25403.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
        7⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
        7⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27592.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11497.exe
        7⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        7⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe
        6⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
        6⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
        6⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61427.exe
        6⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5797.exe
        6⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        6⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
        6⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        5⤵
        
        PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe
        5⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56891.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
        7⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
        7⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        7⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe
        6⤵
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13666.exe
        6⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32236.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62156.exe
        6⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40963.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        6⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46263.exe
        5⤵
        
        PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
        5⤵
        
        PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
        5⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62537.exe
        5⤵
        
        PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        5⤵
        
        PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        5⤵
        
        PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3085.exe
        5⤵
        
        PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31127.exe
      4⤵
      PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
      4⤵
      PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32520.exe
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41354.exe
      4⤵
      PID:4876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64141.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52652.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        6⤵
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        6⤵
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49443.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        6⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64432.exe
        5⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26723.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60869.exe
        5⤵
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        5⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        5⤵
        
        PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35107.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
        6⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        6⤵
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        6⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
        5⤵
        
        PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        5⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exe
        5⤵
        
        PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
        5⤵
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        5⤵
        
        PID:800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        5⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4076.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38388.exe
        5⤵
        
        PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
      4⤵
      PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
      4⤵
      PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
      4⤵
      PID:4572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe
        5⤵
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        5⤵
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49443.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
        5⤵
        
        PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
      4⤵
      PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
      4⤵
      PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55308.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
      4⤵
      PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
      4⤵
      PID:4840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38355.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
      4⤵
      PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
      4⤵
      PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1373.exe
      4⤵
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
      4⤵
      PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47555.exe
      4⤵
      PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
    3⤵
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59868.exe
    3⤵
    PID:1864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48115.exe
    3⤵
    PID:3664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36019.exe
    3⤵
    PID:4856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52060.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19861.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51877.exe
        5⤵
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18769.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18156.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37729.exe
        5⤵
        
        PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
      4⤵
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        5⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        5⤵
        
        PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43627.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
      4⤵
      PID:1252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
      4⤵
      PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe
      4⤵
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
      4⤵
      PID:4404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
      4⤵
      PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
      4⤵
      PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
      4⤵
      PID:1208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46276.exe
    3⤵
    PID:2816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63135.exe
    3⤵
    PID:3372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
    3⤵
    PID:3692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41981.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37891.exe
    3⤵
    PID:4200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55418.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30281.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11853.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47134.exe
        5⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10631.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
      4⤵
      PID:804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
      4⤵
      PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20165.exe
      4⤵
      PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55503.exe
      4⤵
      PID:4672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
      4⤵
      PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59640.exe
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
      4⤵
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
      4⤵
      PID:5068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5147.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46340.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
    3⤵
    PID:3848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
    3⤵
    PID:4288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
    3⤵
    PID:4508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39700.exe
    3⤵
    PID:936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
    3⤵
    PID:2324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56137.exe
    3⤵
    PID:3520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
    3⤵
    PID:3332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
    3⤵
    PID:4548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
  2⤵
  PID:2108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40696.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40696.exe
  2⤵
  PID:3608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
  2⤵
  PID:3380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40219.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40219.exe
  2⤵
  PID:4832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe

Filesize
468KB

MD5
25103f80320bea7146a8e180479a01df

SHA1
7a54408adb686368704b7c164f64778136ce376f

SHA256
9fb0828d26518dcd2b70fffaabcc90a5c3db6a1a7a330e66702bf255d730127b

SHA512
64c492f3e19daf04dcd987d4e5c15c751277d1dd9e230e6162e9b8fcabdedc6be011d35f19a247e3fe03c7edf33aef4813a7ebfbd442b2acb9bffe83af04b299

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27390.exe

Filesize
468KB

MD5
3b5e7ae24a9553e7e9ee461f0d75afa0

SHA1
654c59b58ad6e03a0d75710bd21718fb919c061b

SHA256
75820cd300978cf6c4b8675bb7f3d4c6129274b1d117286624880fc564c8d222

SHA512
35c485f2bfb6cfeb8cb51644f5f084284cdd2bc9b09d3cd22b91f612f5b8f5b02ff6896ea391ee6659fee84bf297583d4007cbde4c03666ccbcc4c3d23016ba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe

Filesize
468KB

MD5
c61a79c57154c1ebcaba1eb71ec7cdab

SHA1
6bcbc12e32c08bda38be9773d97dfe8422dd4225

SHA256
4caa652baf22e9e557c2349ea21530c42b4675360286d30ff804839928aacc0a

SHA512
894867bd25168e4177fca099507691bbf26cd2506723ac7780d74779a4da73876cdb1e008c0d99d943994ca898ac37d24fdc286c99a6301b4722f34c67f4c265

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe

Filesize
468KB

MD5
5855f3694a5bc96bb81989457ae19996

SHA1
b4fcff57c4d74ae8d44955036943b75e5a8d8e83

SHA256
d2d20f798c9818a19545eae48f1a7e374badc5eeb3a566d48024f586ea0d4275

SHA512
954031178deb021024fea1f82fe4481c5983fe7af0ba0846af59fbbcc903b97059a8cc1e308938d687502a7a35b772c7beee270f98cd0c3672a6d6e41fe04578

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52060.exe

Filesize
468KB

MD5
a8a5fd17d949c24b6387007ef61d4ef6

SHA1
a4cb9dde6ca96fdd90a2d03f61c5eda5a248d511

SHA256
7e83170593e541881833272d4a8b922a26b8a3c63e7b5f7af9932c904b1adcd1

SHA512
3511ef1ee038bac6ea5e26c1f3e87bc2034282bb9d0c589bbcbc1842752d4ebe5a5806fa84cdd1d5f9df0963560b7335d1f46028368e6789bc93ef131f2a2c2f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe

Filesize
468KB

MD5
8372180f152da771b560ead021d6cc72

SHA1
f8191ae73df3c95dadf27549077bf50f58ab7e00

SHA256
8f96c6d3783687ce27f48cba44764c27ab1e8e09125542bdeef69b7526d0176b

SHA512
fe03f74c8bf9444684760598097a53005723ed5fe946a68930d1d4110e3b0cfc97059d3c17be2bbd8e01c420397aa04e6822e976371ba26c29643ad0d141740e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe

Filesize
468KB

MD5
33b889cff3e28685e85dd25dce267737

SHA1
a55b55d9916261af4d69f26d42960157d0acd867

SHA256
671f82b3561deaad6dae7d4e37d6438a14e21f40c325cd102a8bde62d7941217

SHA512
9d80727ae23979d01a19cedf74ffe1fd9347ee69c751434d823e0da49c2da3004cf2892e7cf6fcee183817ab57de3ea623faaa46b17e50923f5558d86e5660c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe

Filesize
468KB

MD5
139767720e2dc797af3a60bf0c031aee

SHA1
5f4ed4e573bc4225744bfbd365e793aa56bd1e36

SHA256
6cf2bc3a3dadfe21a6e8ddca67978fe215bc7f431de040ff3f4b4129492afe0f

SHA512
679fa627553f405d8a1af12004ee252dece5ff4177b8cc71a61a72208fd9f5cbd9e31387d2cbe03955f356d2a9447981444f7485a92bb43ebcb0df134d4cfd38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27277.exe

Filesize
468KB

MD5
63c6d3aa43240f6b3c6e1decaaff2228

SHA1
3a61f707c99aae9602d5fbf11ba7c066b7d53abd

SHA256
1780547fb101a0ec6986677025d5798bc2a072a8f1654f15eb00370464970e8f

SHA512
d87b02b0b08ba76cd43123e280b83dd26235d4d3a5781adb02029d78ca23fd79b49c0d298994d7d9b8efa606e430e519a63fb2933b068487b4e2ec2edeebd0e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe

Filesize
468KB

MD5
2bacb7eaca87391ea8fed248aa1aec19

SHA1
53d0da0b3bd572a28570bad3cf7a40ecbf19a5a9

SHA256
11acb667fe819c1f6806874ea2f0fa7b5211ef095e1d777d1aac85bf9bebad85

SHA512
fa70209d5c40d8eda83cc226a9ad254024acd3509bcd7139d1df0cd46df9a4b3b932a2dd1ec6b37a4f0e8991b8502bc1dea3cd530bab1c2cfdf91b574c5db43b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe

Filesize
468KB

MD5
76caabef4425d3f59b17b9f898f55174

SHA1
4414efacff86ac62766664aa3f49218ed128ef6e

SHA256
efc9aed84d4a45d3db1cb645f176cc00f0415a4d265fe762b71c449f3a827deb

SHA512
d855c26eb6ceecacf63cc847c995439ff2c97e7ebdcaecd3cd33a74c0ea892496f47570402cb3d702101840d9d03c3edf74f07a1a992ba3e92ef46e023ba781f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28398.exe

Filesize
468KB

MD5
8c315c492dc17e7a8b33c8d85274e271

SHA1
61d8b4313136cccf83a743d452ba3bd56e5b90e4

SHA256
932ce5bfe2e1ea6bac1ed8468c9102e5b12565bff1bbdf2f1f6537b245f41dcb

SHA512
b551a583e24cd78560bb616e7ab30b093611c702b16f4e5e268276635c9687f3810e9bbf9f1f015efa48f9c897f9b598c49eab0d8ea40ca4de6b4216f9347eab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe

Filesize
468KB

MD5
1577d6f5aa0d02e700543f3a7ef78e97

SHA1
47006aa6fee5a0062f6008978040830ae11b9559

SHA256
34663d0cc9c592e05f931ecd58aa2e938cd798db4c612cd581750207405a81b8

SHA512
826e28d72dd6a5e9fde8b7ebc58ad29aeeaef129fde95fbe15156084b6327272e13798acbed8ad932817cb3ce61439617cf5b593418ef7afebf60e16314da785

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe

Filesize
468KB

MD5
152fb1c80ed29b85d93e7e91a26731f9

SHA1
b5dbb5a00ee3438d10f90174f3e449b15d93969c

SHA256
8d1adac49e7833ea49560aed7969705c0f63b7bdb2bed830a12e5c44a592339d

SHA512
2654d60e1fd85abc4f81e4f64c4249041b5e78ded0688f00dd54263d781574f48585ab5618079a56d47dcadcddb812d3ffa86cca6d8051bb116fc2b71be8f8fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe

Filesize
468KB

MD5
bc8ee0699435fbcb2cb04aee05697133

SHA1
6e99126a720aaa03c1bd87ee973548c5a7edb13e

SHA256
717202b44908d353d20914cc2fda95cadc9a3644de02c68b5e37510dd7b94d1a

SHA512
e5b6979ace57642f899b7a078e732a206c6b59ec09b3733d46d933ec3845a011ac9cf5af2e2fe315371f83cf534efe06f6a36ed362ab01e20ff8c80d31ade979

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe

Filesize
468KB

MD5
7e1d221ec208fde6fc289460ed48e229

SHA1
e3b81cbe18ec3e938a7803fe656a8d52f4e20fc3

SHA256
e30a0cc1ff2f5f7c3dc0ef5d0ecb50420693042c2cc10a45e235d82d1a4c7588

SHA512
758f7019268b58c1bb0f2d38bca293549b6263280de882899dc4a792765b648c549124a93efae26f96b164ff6dbb09ff3782a8b1f22a837a164a95d135e51e14

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6087.exe

Filesize
468KB

MD5
2db85cb58adb46da5a6353c71507d041

SHA1
83c77bd960e6d7454e383d5368e416c46b4f0535

SHA256
7a5dca15cb97b50393d19bad246bf05a4cd7ea6f820106f8976110a63592122c

SHA512
638114b7882a3b5bd7203a2ddc7ed191a09bb0bd8a758da85db23355a19e04574c1f7cd21d906c2035a619abe40ad9f639191537e3ffb490531dadfdc5e2e522

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64141.exe

Filesize
468KB

MD5
5a5a5c6693950a93f998d012a8b30ca1

SHA1
29ac7ee411c8ff2d6f956e0c73d1bf25057d1826

SHA256
8707448964c4df9cc110d5f3245b0f1f1f8f73df14591609a50c15a448d49917

SHA512
9aac27f673b95c3663d28aedbfd3e7f7cf2f8c1cda2c50172e2eab5f47628ccac1d9ccb3116ab5843b571a4c682bf062a23e72271ea3362953a78738adea01c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65085.exe

Filesize
468KB

MD5
ce8c948e6e5e1acb75d64b37f4fea1fb

SHA1
6444973a62725af4a92b4086f7d6e599f0e7c232

SHA256
d354a1afa611886d4821c58dcfe69c881ba6b3a850e3d3db5277bd6c5fa79727

SHA512
28a1b8535fb1f349c77a5763f1067c45074f90f255e2f2418a1036f598e31983d5dc8bd6a6ee6039853dba28fe5a093d2a37e6101709927116a55b8b5c3def53

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe

Filesize
468KB

MD5
139cb27396715fdfa53c090e2c67eee0

SHA1
53e4f78448cb5666a8b4b255b35252871807fdf0

SHA256
06689b836856467d1105846d5371fc08666165732d558a4634d4e3d99f8bcaca

SHA512
d65225cb585f3e24028f6c64f4980054827695f0a6ebd3aa64fc87fd23fae54e6ce2250b8e632905a67350daf864dd18323ff943d89e7d4ee6e6744014ec756b

Download Submit