5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe
Size

468KB
MD5

f35bf00178d2e1596a4b0db77c04ddc2
SHA1

5015c88b804190e54b64a87238cfb57d80e77a5e
SHA256

5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e
SHA512

0781acaa610d83356cb188870e09dfe498065ecee56f541689f114415c83ad012822e52ff5cca587240e1291a88e6bf79d9679b163cd89be6635b976ba6fb204
SSDEEP

3072:3GoWoEXvt05RDbYcH5uwvf8/uCy8P0pdnLHewVxJiF0e5L6joIlf:3GZoQ8RDPHQwvf2YwQiFbx6jo

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2184	Unicorn-64283.exe
2756	Unicorn-27574.exe
2548	Unicorn-8585.exe
2568	Unicorn-30672.exe
2656	Unicorn-20457.exe
2572	Unicorn-2446.exe
2664	Unicorn-26588.exe
2848	Unicorn-63427.exe
1060	Unicorn-28352.exe
1660	Unicorn-55259.exe
1696	Unicorn-7381.exe
1916	Unicorn-23163.exe
2056	Unicorn-12948.exe
2836	Unicorn-52306.exe
1344	Unicorn-6634.exe
2412	Unicorn-44159.exe
2128	Unicorn-27636.exe
2896	Unicorn-63209.exe
2240	Unicorn-22731.exe
2372	Unicorn-22177.exe
1608	Unicorn-21662.exe
2144	Unicorn-6717.exe
928	Unicorn-44221.exe
1544	Unicorn-64086.exe
2484	Unicorn-47558.exe
772	Unicorn-41428.exe
1672	Unicorn-43209.exe
616	Unicorn-43474.exe
2096	Unicorn-42082.exe
1404	Unicorn-52310.exe
1740	Unicorn-18176.exe
2472	Unicorn-40734.exe
1496	Unicorn-15268.exe
3008	Unicorn-59016.exe
2828	Unicorn-39150.exe
2884	Unicorn-50848.exe
2576	Unicorn-20021.exe
2796	Unicorn-6286.exe
2852	Unicorn-22068.exe
2584	Unicorn-61054.exe
2604	Unicorn-47304.exe
2616	Unicorn-22800.exe
2480	Unicorn-22800.exe
2592	Unicorn-2934.exe
2984	Unicorn-47859.exe
1856	Unicorn-17132.exe
2028	Unicorn-24746.exe
2388	Unicorn-40982.exe
1768	Unicorn-16386.exe
796	Unicorn-51288.exe
1748	Unicorn-37552.exe
2460	Unicorn-18524.exe
1512	Unicorn-27875.exe
284	Unicorn-28373.exe
1076	Unicorn-7148.exe
2228	Unicorn-39520.exe
1632	Unicorn-360.exe
2052	Unicorn-51450.exe
960	Unicorn-47003.exe
896	Unicorn-45420.exe
2304	Unicorn-10054.exe
1652	Unicorn-50663.exe
1520	Unicorn-52933.exe
1304	Unicorn-7916.exe

Loads dropped DLL 64 IoCs

pid	Process
3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe
3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe
2184	Unicorn-64283.exe
2184	Unicorn-64283.exe
3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe
3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe
2548	Unicorn-8585.exe
2548	Unicorn-8585.exe
3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe
3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe
2184	Unicorn-64283.exe
2756	Unicorn-27574.exe
2756	Unicorn-27574.exe
2184	Unicorn-64283.exe
2656	Unicorn-20457.exe
2656	Unicorn-20457.exe
3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe
3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe
2568	Unicorn-30672.exe
2568	Unicorn-30672.exe
2548	Unicorn-8585.exe
2548	Unicorn-8585.exe
2572	Unicorn-2446.exe
2184	Unicorn-64283.exe
2572	Unicorn-2446.exe
2184	Unicorn-64283.exe
2756	Unicorn-27574.exe
2664	Unicorn-26588.exe
2756	Unicorn-27574.exe
2664	Unicorn-26588.exe
1060	Unicorn-28352.exe
1060	Unicorn-28352.exe
3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe
3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe
2848	Unicorn-63427.exe
2848	Unicorn-63427.exe
2656	Unicorn-20457.exe
2656	Unicorn-20457.exe
1660	Unicorn-55259.exe
1660	Unicorn-55259.exe
2568	Unicorn-30672.exe
2568	Unicorn-30672.exe
1344	Unicorn-6634.exe
1344	Unicorn-6634.exe
2664	Unicorn-26588.exe
2664	Unicorn-26588.exe
2056	Unicorn-12948.exe
2056	Unicorn-12948.exe
1916	Unicorn-23163.exe
2548	Unicorn-8585.exe
1916	Unicorn-23163.exe
2548	Unicorn-8585.exe
2184	Unicorn-64283.exe
2836	Unicorn-52306.exe
2184	Unicorn-64283.exe
2836	Unicorn-52306.exe
2572	Unicorn-2446.exe
2572	Unicorn-2446.exe
2756	Unicorn-27574.exe
2756	Unicorn-27574.exe
2128	Unicorn-27636.exe
2128	Unicorn-27636.exe
2412	Unicorn-44159.exe
3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7961.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe
2184	Unicorn-64283.exe
2756	Unicorn-27574.exe
2548	Unicorn-8585.exe
2656	Unicorn-20457.exe
2568	Unicorn-30672.exe
2572	Unicorn-2446.exe
2664	Unicorn-26588.exe
2848	Unicorn-63427.exe
1060	Unicorn-28352.exe
1660	Unicorn-55259.exe
1696	Unicorn-7381.exe
2056	Unicorn-12948.exe
1916	Unicorn-23163.exe
1344	Unicorn-6634.exe
2836	Unicorn-52306.exe
2412	Unicorn-44159.exe
2128	Unicorn-27636.exe
2896	Unicorn-63209.exe
2240	Unicorn-22731.exe
2372	Unicorn-22177.exe
1608	Unicorn-21662.exe
2144	Unicorn-6717.exe
928	Unicorn-44221.exe
1544	Unicorn-64086.exe
2484	Unicorn-47558.exe
772	Unicorn-41428.exe
1672	Unicorn-43209.exe
616	Unicorn-43474.exe
2096	Unicorn-42082.exe
1404	Unicorn-52310.exe
1740	Unicorn-18176.exe
2472	Unicorn-40734.exe
1496	Unicorn-15268.exe
2828	Unicorn-39150.exe
3008	Unicorn-59016.exe
2884	Unicorn-50848.exe
2576	Unicorn-20021.exe
2796	Unicorn-6286.exe
2852	Unicorn-22068.exe
2584	Unicorn-61054.exe
2604	Unicorn-47304.exe
2616	Unicorn-22800.exe
2480	Unicorn-22800.exe
2592	Unicorn-2934.exe
2984	Unicorn-47859.exe
1856	Unicorn-17132.exe
2028	Unicorn-24746.exe
2388	Unicorn-40982.exe
1768	Unicorn-16386.exe
796	Unicorn-51288.exe
2460	Unicorn-18524.exe
1748	Unicorn-37552.exe
1512	Unicorn-27875.exe
284	Unicorn-28373.exe
1076	Unicorn-7148.exe
2228	Unicorn-39520.exe
1632	Unicorn-360.exe
2052	Unicorn-51450.exe
960	Unicorn-47003.exe
896	Unicorn-45420.exe
2304	Unicorn-10054.exe
1356	Unicorn-57693.exe
1520	Unicorn-52933.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2184	3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe	31
PID 3024 wrote to memory of 2184	3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe	31
PID 3024 wrote to memory of 2184	3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe	31
PID 3024 wrote to memory of 2184	3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe	31
PID 2184 wrote to memory of 2756	2184	Unicorn-64283.exe	32
PID 2184 wrote to memory of 2756	2184	Unicorn-64283.exe	32
PID 2184 wrote to memory of 2756	2184	Unicorn-64283.exe	32
PID 2184 wrote to memory of 2756	2184	Unicorn-64283.exe	32
PID 3024 wrote to memory of 2548	3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe	33
PID 3024 wrote to memory of 2548	3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe	33
PID 3024 wrote to memory of 2548	3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe	33
PID 3024 wrote to memory of 2548	3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe	33
PID 2548 wrote to memory of 2568	2548	Unicorn-8585.exe	34
PID 2548 wrote to memory of 2568	2548	Unicorn-8585.exe	34
PID 2548 wrote to memory of 2568	2548	Unicorn-8585.exe	34
PID 2548 wrote to memory of 2568	2548	Unicorn-8585.exe	34
PID 3024 wrote to memory of 2656	3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe	35
PID 3024 wrote to memory of 2656	3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe	35
PID 3024 wrote to memory of 2656	3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe	35
PID 3024 wrote to memory of 2656	3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe	35
PID 2756 wrote to memory of 2664	2756	Unicorn-27574.exe	37
PID 2756 wrote to memory of 2664	2756	Unicorn-27574.exe	37
PID 2756 wrote to memory of 2664	2756	Unicorn-27574.exe	37
PID 2756 wrote to memory of 2664	2756	Unicorn-27574.exe	37
PID 2184 wrote to memory of 2572	2184	Unicorn-64283.exe	36
PID 2184 wrote to memory of 2572	2184	Unicorn-64283.exe	36
PID 2184 wrote to memory of 2572	2184	Unicorn-64283.exe	36
PID 2184 wrote to memory of 2572	2184	Unicorn-64283.exe	36
PID 2656 wrote to memory of 2848	2656	Unicorn-20457.exe	38
PID 2656 wrote to memory of 2848	2656	Unicorn-20457.exe	38
PID 2656 wrote to memory of 2848	2656	Unicorn-20457.exe	38
PID 2656 wrote to memory of 2848	2656	Unicorn-20457.exe	38
PID 3024 wrote to memory of 1060	3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe	39
PID 3024 wrote to memory of 1060	3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe	39
PID 3024 wrote to memory of 1060	3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe	39
PID 3024 wrote to memory of 1060	3024	5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe	39
PID 2568 wrote to memory of 1660	2568	Unicorn-30672.exe	40
PID 2568 wrote to memory of 1660	2568	Unicorn-30672.exe	40
PID 2568 wrote to memory of 1660	2568	Unicorn-30672.exe	40
PID 2568 wrote to memory of 1660	2568	Unicorn-30672.exe	40
PID 2548 wrote to memory of 1696	2548	Unicorn-8585.exe	41
PID 2548 wrote to memory of 1696	2548	Unicorn-8585.exe	41
PID 2548 wrote to memory of 1696	2548	Unicorn-8585.exe	41
PID 2548 wrote to memory of 1696	2548	Unicorn-8585.exe	41
PID 2572 wrote to memory of 1916	2572	Unicorn-2446.exe	42
PID 2572 wrote to memory of 1916	2572	Unicorn-2446.exe	42
PID 2572 wrote to memory of 1916	2572	Unicorn-2446.exe	42
PID 2572 wrote to memory of 1916	2572	Unicorn-2446.exe	42
PID 2184 wrote to memory of 2056	2184	Unicorn-64283.exe	43
PID 2184 wrote to memory of 2056	2184	Unicorn-64283.exe	43
PID 2184 wrote to memory of 2056	2184	Unicorn-64283.exe	43
PID 2184 wrote to memory of 2056	2184	Unicorn-64283.exe	43
PID 2756 wrote to memory of 2836	2756	Unicorn-27574.exe	44
PID 2756 wrote to memory of 2836	2756	Unicorn-27574.exe	44
PID 2756 wrote to memory of 2836	2756	Unicorn-27574.exe	44
PID 2756 wrote to memory of 2836	2756	Unicorn-27574.exe	44
PID 2664 wrote to memory of 1344	2664	Unicorn-26588.exe	45
PID 2664 wrote to memory of 1344	2664	Unicorn-26588.exe	45
PID 2664 wrote to memory of 1344	2664	Unicorn-26588.exe	45
PID 2664 wrote to memory of 1344	2664	Unicorn-26588.exe	45
PID 1060 wrote to memory of 2412	1060	Unicorn-28352.exe	46
PID 1060 wrote to memory of 2412	1060	Unicorn-28352.exe	46
PID 1060 wrote to memory of 2412	1060	Unicorn-28352.exe	46
PID 1060 wrote to memory of 2412	1060	Unicorn-28352.exe	46

C:\Users\Admin\AppData\Local\Temp\5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe
"C:\Users\Admin\AppData\Local\Temp\5bc745280ef52c9e80b19ac49297be9d3d4dc2f7c203fe26ae2404c2fad6036e.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26588.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6634.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47304.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62252.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
        9⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19687.exe
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        9⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62620.exe
        9⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43678.exe
        8⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18371.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        8⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52819.exe
        8⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39246.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        7⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
        7⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2934.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        7⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-597.exe
        8⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
        8⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10705.exe
        8⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38299.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61433.exe
        6⤵
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        6⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        6⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        6⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
        6⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        7⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35662.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        8⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52474.exe
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
        7⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7991.exe
        7⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
        7⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
        6⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe
        7⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33316.exe
        7⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        6⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        6⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        6⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        6⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        6⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        6⤵
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51288.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13619.exe
        6⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        7⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42475.exe
        7⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        7⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        6⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        6⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
        6⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        6⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        6⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
        5⤵
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20213.exe
        5⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38867.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14485.exe
        5⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
        5⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43307.exe
        5⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17181.exe
        5⤵
        
        PID:7448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31819.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62346.exe
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7250.exe
        8⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28879.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55403.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        7⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        7⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
        7⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
        6⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41365.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
        7⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        7⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        6⤵
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        6⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62381.exe
        6⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        6⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        6⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39246.exe
        6⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45716.exe
        6⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29834.exe
        6⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        6⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        6⤵
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13692.exe
        6⤵
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
        5⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
        6⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
        6⤵
        
        PID:328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        5⤵
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        5⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3526.exe
        5⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
        5⤵
        
        PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        6⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35636.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62081.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        7⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        6⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        6⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        6⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58873.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17599.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4826.exe
        6⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        6⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62081.exe
        6⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        6⤵
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        5⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        5⤵
        
        PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3526.exe
        5⤵
        
        PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-360.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        5⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        5⤵
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18265.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56279.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
        5⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14148.exe
        5⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        5⤵
        
        PID:7328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60906.exe
      4⤵
      PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30045.exe
      4⤵
      PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe
      4⤵
      PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25243.exe
      4⤵
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
      4⤵
      PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
      4⤵
      PID:7572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        7⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14613.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
        8⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48770.exe
        8⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        8⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45707.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        8⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1297.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        7⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        7⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52301.exe
        6⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34375.exe
        7⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18157.exe
        7⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        6⤵
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        6⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58873.exe
        6⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3230.exe
        6⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38240.exe
        7⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15079.exe
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51858.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        7⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        6⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55979.exe
        6⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
        6⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43307.exe
        6⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17181.exe
        6⤵
        
        PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42025.exe
        5⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        6⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
        6⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46581.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63865.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6852.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60032.exe
        5⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40107.exe
        5⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58765.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
        6⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43358.exe
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10798.exe
        7⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
        7⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55979.exe
        6⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        6⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        6⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        6⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11953.exe
        5⤵
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7717.exe
        6⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50592.exe
        6⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        5⤵
        
        PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        5⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        5⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        5⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        5⤵
        
        PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
        5⤵
        
        PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40982.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8227.exe
        5⤵
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        5⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        5⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        5⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        5⤵
        
        PID:7480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
      4⤵
      PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41633.exe
      4⤵
      PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
      4⤵
      PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22005.exe
      4⤵
      PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
      4⤵
      PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12557.exe
      4⤵
      PID:7084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64086.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39520.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18882.exe
        6⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55740.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        7⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
        6⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        6⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
        6⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26657.exe
        6⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        6⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1651.exe
        5⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9056.exe
        6⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        5⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        5⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
        5⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        5⤵
        
        PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
        5⤵
        
        PID:7412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        5⤵
        
        PID:272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29757.exe
        6⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
        6⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        5⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        5⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        5⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        5⤵
        
        PID:7676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
      4⤵
      PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
      4⤵
      PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
      4⤵
      PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
      4⤵
      PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
      4⤵
      PID:7060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe
      4⤵
      PID:7976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        5⤵
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        6⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
        5⤵
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39454.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
        5⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21247.exe
        5⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        5⤵
        
        PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
      4⤵
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
        5⤵
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe
        5⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
        5⤵
        
        PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
        5⤵
        
        PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
      4⤵
      PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
      4⤵
      PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
      4⤵
      PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
      4⤵
      PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
      4⤵
      PID:7600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27875.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
      4⤵
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3020.exe
        5⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        5⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
        5⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        5⤵
        
        PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
      4⤵
      PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
      4⤵
      PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
      4⤵
      PID:6756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
      4⤵
      PID:7148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
    3⤵
    PID:1484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
    3⤵
    PID:3176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28673.exe
    3⤵
    PID:3840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
    3⤵
    PID:4452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
    3⤵
    PID:5444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
    3⤵
    PID:6856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32157.exe
    3⤵
    PID:5280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30672.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18607.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
        8⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        8⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        8⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        8⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13692.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55511.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
        7⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45707.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
        7⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        6⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58941.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
        6⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        6⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
        6⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        6⤵
        
        PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31819.exe
        6⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
        7⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3824.exe
        7⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34001.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32410.exe
        7⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7610.exe
        7⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        6⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19527.exe
        6⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        6⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25057.exe
        6⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        6⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
        5⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38117.exe
        6⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15252.exe
        6⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52065.exe
        5⤵
        
        PID:292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12809.exe
        5⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
        5⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
        5⤵
        
        PID:7404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57693.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49044.exe
        7⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41365.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
        7⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
        7⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28301.exe
        6⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
        6⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
        6⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13692.exe
        6⤵
        
        PID:7392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21491.exe
        5⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9278.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
        6⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62773.exe
        6⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22099.exe
        6⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        5⤵
        
        PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1297.exe
        5⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
        5⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26470.exe
        5⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58154.exe
        5⤵
        
        PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35046.exe
        5⤵
        
        PID:7344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
        5⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
        5⤵
        
        PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        5⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        5⤵
        
        PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
      4⤵
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14831.exe
        5⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        5⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62081.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        5⤵
        
        PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46581.exe
      4⤵
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63865.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46774.exe
      4⤵
      PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
      4⤵
      PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43307.exe
      4⤵
      PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17181.exe
      4⤵
      PID:7584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7381.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52933.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49044.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41365.exe
        5⤵
        
        PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
        5⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
        5⤵
        
        PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4426.exe
      4⤵
      PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
      4⤵
      PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40635.exe
      4⤵
      PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
      4⤵
      PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35907.exe
      4⤵
      PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25048.exe
      4⤵
      PID:8072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23245.exe
      4⤵
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        5⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
        6⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        5⤵
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        5⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
        5⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        5⤵
        
        PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        5⤵
        
        PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9627.exe
      4⤵
      PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
      4⤵
      PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
      4⤵
      PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
      4⤵
      PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
      4⤵
      PID:7492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
      4⤵
      PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
      4⤵
      PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25335.exe
      4⤵
      PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23569.exe
      4⤵
      PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
      4⤵
      PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
      4⤵
      PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
      4⤵
      PID:8120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
    3⤵
    PID:2108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
    3⤵
    PID:2132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7760.exe
    3⤵
    PID:5248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31280.exe
    3⤵
    PID:5496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19632.exe
    3⤵
    PID:7212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60023.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34732.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7905.exe
        7⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
        6⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18265.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57841.exe
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
        6⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
        6⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        5⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe
        6⤵
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
        6⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
        6⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        6⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
        6⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        6⤵
        
        PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
        5⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1297.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        5⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        5⤵
        
        PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        5⤵
        
        PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        5⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        5⤵
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
        5⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        5⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        5⤵
        
        PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
      4⤵
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14613.exe
        5⤵
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
        5⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57841.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe
        5⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
        5⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        5⤵
        
        PID:7276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
      4⤵
      PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
      4⤵
      PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
      4⤵
      PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
      4⤵
      PID:6536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
      4⤵
      PID:7632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59639.exe
        5⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        6⤵
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        6⤵
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34427.exe
        6⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36501.exe
        6⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8528.exe
        6⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13692.exe
        6⤵
        
        PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
        5⤵
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        5⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29834.exe
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        5⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        5⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        5⤵
        
        PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        5⤵
        
        PID:7120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
      4⤵
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
        6⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        6⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        5⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7991.exe
        5⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37449.exe
        5⤵
        
        PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58828.exe
      4⤵
      PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20213.exe
      4⤵
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38867.exe
      4⤵
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14485.exe
      4⤵
      PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
      4⤵
      PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43307.exe
      4⤵
      PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
      4⤵
      PID:7176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59639.exe
      4⤵
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13619.exe
        5⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
        6⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-452.exe
        6⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        5⤵
        
        PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        5⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        5⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
      4⤵
      PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe
      4⤵
      PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51624.exe
      4⤵
      PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
      4⤵
      PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
      4⤵
      PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
      4⤵
      PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
      4⤵
      PID:7348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
    3⤵
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20452.exe
      4⤵
      PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
      4⤵
      PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
      4⤵
      PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
      4⤵
      PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
      4⤵
      PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
      4⤵
      PID:7692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe
    3⤵
    PID:1192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18901.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28175.exe
    3⤵
    PID:4872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
    3⤵
    PID:5576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19111.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
    3⤵
    PID:7320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28352.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28352.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44159.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe
        5⤵
        Executes dropped EXE
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4826.exe
        6⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        6⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62081.exe
        6⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        6⤵
        
        PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe
        5⤵
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
        5⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
        5⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21247.exe
        5⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        5⤵
        
        PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
      4⤵
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8227.exe
        5⤵
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29834.exe
        5⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        5⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        5⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13692.exe
        5⤵
        
        PID:7356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
      4⤵
      PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31078.exe
      4⤵
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
      4⤵
      PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
      4⤵
      PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
      4⤵
      PID:7432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39150.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63723.exe
      4⤵
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14276.exe
        5⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17680.exe
        5⤵
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6906.exe
        5⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        5⤵
        
        PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52501.exe
      4⤵
      PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
      4⤵
      PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
      4⤵
      PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
      4⤵
      PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
      4⤵
      PID:7548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-224.exe
    3⤵
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26731.exe
      4⤵
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23968.exe
      4⤵
      PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
      4⤵
      PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
      4⤵
      PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
      4⤵
      PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
      4⤵
      PID:7268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46581.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63865.exe
    3⤵
    PID:4052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
    3⤵
    PID:5324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
    3⤵
    PID:6004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
    3⤵
    PID:7204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47003.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18882.exe
        5⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        6⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
        6⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        5⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        5⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15778.exe
        5⤵
        
        PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1651.exe
      4⤵
      PID:332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
      4⤵
      PID:408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
      4⤵
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
      4⤵
      PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
      4⤵
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
      4⤵
      PID:6812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58873.exe
      4⤵
      PID:7920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9278.exe
      4⤵
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58203.exe
      4⤵
      PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
      4⤵
      PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
      4⤵
      PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
      4⤵
      PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
      4⤵
      PID:7564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46581.exe
    3⤵
    PID:3184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
    3⤵
    PID:3644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
    3⤵
    PID:3956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
    3⤵
    PID:4180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
    3⤵
    PID:5340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
    3⤵
    PID:6868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19632.exe
    3⤵
    PID:7220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10054.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45968.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10612.exe
      4⤵
      PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
      4⤵
      PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
      4⤵
      PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3966.exe
      4⤵
      PID:7080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60285.exe
    3⤵
    PID:2036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
    3⤵
    PID:3544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56279.exe
    3⤵
    PID:4996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
    3⤵
    PID:5680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
    3⤵
    PID:5928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
    3⤵
    PID:7872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50663.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50663.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
    3⤵
    PID:4480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
    3⤵
    PID:4960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
    3⤵
    PID:6240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
    3⤵
    PID:8172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
  2⤵
  PID:1932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31833.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31833.exe
  2⤵
  PID:3580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
  2⤵
  PID:4204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58671.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58671.exe
  2⤵
  PID:5604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38712.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38712.exe
  2⤵
  PID:6152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
  2⤵
  PID:7304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-25243.exe

Filesize
468KB

MD5
71c5d551984806567d6ba49ec1daf57a

SHA1
a42ff9e2172865a48ff9cfd76616ffc4763e79c2

SHA256
84eb27a1fc3e7de8fecaaae09acafa8b7fca43702bde533470e3801cbdf5e1d1

SHA512
173b3f2da96d9e21895062899ef9ceaeb8ef89fc110a930dbfc962e3495300d4fef224ee1a0c70c5491975b721250a8e17d5c32a73f2cb1437c6f13932a02899

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe

Filesize
468KB

MD5
6fb6a285f24f1147932b031ab99c8c9b

SHA1
0a356391d159a3804063362da79bf7f6904ac011

SHA256
012d49b024055f7eabc58ab9d48e4a32ac729dd9014516679ad85d76c0bcab59

SHA512
d2c02d2f4eba1c40355ac2dedc76a0ee63ea8a6e97e0f1616ac3ca83a7885d514d5581fc5a99209e0db60b35ee875bfbfaa570f941b45c75a75a69a7dd798968

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe

Filesize
468KB

MD5
718ffdcc53e484095ecb7553b574faf8

SHA1
0e0064384913e2135116ece046e4e4955b4b4d6a

SHA256
2174a9fb18adb1add94064067d8ba7f2acbc71b988c0892621ae8f4edcfffb02

SHA512
cf99eb54d8dd1fa889b5a1f56c0865a869c27ded5eb86e9d2452f5d87a51c61d39882e8bfba477ecb06a666cb5a8e64ef793e1a951de7403d4fd890eeb00a602

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe

Filesize
468KB

MD5
78f2624a6239d63fea210f681a7bb825

SHA1
58d9293e769958ed8cd3e9554e1253d7d0f2aa67

SHA256
ee294fcb9dd9e1051e81d20870a86df0d35ed4f485d99c981bbcaa3fd77893c2

SHA512
76adcd5395e761189b8b75a9a33510e3bfd745de0ca283cdd173705bba1c3d056a289c33999a636b4c3fbbedf9b48d127018f3b76ed46d4cf5dab2d91554ebf9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe

Filesize
468KB

MD5
32616ed654576ad7ecbce7b57a2dc65b

SHA1
705ca40d80a7f48e719fad8b07213f5b40072f07

SHA256
6f8bd1672be55fd7d2fdd2585615e3b3d82dd9309e9e4f47e656a41f459a0a44

SHA512
879c270f023d5eb3216c4712a9184ed25645567cb6779064c68d914fbfb30d39add9acabecfa01ac326147b56bbd1a402f0cae644dcf302e50d4eea8ff44e383

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe

Filesize
468KB

MD5
6cccc077732bc6cfd60635173b3929b3

SHA1
758cedcd3021628b764a41c4b9b8007487c10468

SHA256
25d828337972f047f7c709d8e836acecb1af9ed6d5ab38b0c73105964b686eba

SHA512
0629f403930c2c8ddbbba19ad953ae27f3fb630eed8deb95188fbbb406e1a3e9bb1f76a31d221efbc48446da575e76ee7e964496444dbd750b381d53d436024e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe

Filesize
468KB

MD5
6d52f2bf1072baab62d8ecf17ae673ee

SHA1
fec3a29eba6db4c510c549445e3743328499928d

SHA256
07b358b1e6e6b0eee9d93ef4ac742458d29b1b098bff61669d92a6a63e337b6f

SHA512
8592439fbdf2d6e565366a59fb3c8855339ff16bffeb9a99befc7ee2c14032f58cfdff1317f44c5a8bc3c831c681d9e35fe3770b8f3690e6da54608d80c1b53c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe

Filesize
468KB

MD5
e22078c1285f5f1c8e275a943f07c87c

SHA1
ddf37815dcf1d7c9843d5c094a70fc4ac7d688da

SHA256
5e80c167631e097c3c3418ee5b65c3f528d925ef931964647ad6ccc35243b29e

SHA512
57c04c61db1609c1c871addbd975d1261d418d068b339bcd3bed245d5fb089c88f364e43063a75650a2a5fea0d56847eaf27f418a584f7b5b70a477806564607

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe

Filesize
468KB

MD5
28436b15a323c825c86bf5302c8cb8b9

SHA1
54f0491f557c28987541544ca500f3ddd0a29c60

SHA256
4afd49e0db940989f70e9a30504ee1be214f6df5613444575da1917f97ba71e3

SHA512
e4556d54ee55abf36f983ddf20e6f645869a57368c7eeb6e2821242248a0cd3ba0907a210f774579fd57bc6d096189f87f1aa78bae561da98ae9952cfa41196c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26588.exe

Filesize
468KB

MD5
71416d583b2635760af691276822c6ad

SHA1
d3167b773450e0e8e95eeb74b06e65181c1291c7

SHA256
2d1cf0b00719a120ffa573f2182c810c1b8d0068dc3516ad708997e0018787be

SHA512
e0b2a0be4ac14efd861839ff3dc4761bd5cbafd8e19c931f7986c6a7c0e7222878219315d5b1382e444934b50367f3c7bf974f2c7421e7a50a73c855241dd59a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe

Filesize
468KB

MD5
b4f2e43c6191f38de950e893058c7d27

SHA1
4ac540ab9699bcc878234a4fdd37792ebbb4ee81

SHA256
ebc800c5877cacbb51177f12cf29e6cb43aebd9177b5fa09a4cab1a22e7a3a12

SHA512
d13fd91bca76718812adce7357c2f0dc49f9975602eabae559f196e7e1dc6fadb30fa4ca680a489d36028356cf319b0d1c0cdab160eea962b88d4518124226ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28352.exe

Filesize
468KB

MD5
17dd4be622c1d6fd43077c01de4e8367

SHA1
a2662bc070ec58f0cfdc6787ee5f62c18603c073

SHA256
3ad3f6e8e6775ece3e3668e213eb10636fec1dcfa47802253f7ef45105873d69

SHA512
5c94feab916c14beff84b06b6e8135ccaa3b3bf053b05f85129f89337a2f83b0c0dc15b31473f001600f78df8e668449b282541c09f810e4a6b732306f0c485f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30672.exe

Filesize
468KB

MD5
da5e3c4057affe0b868ec93dd1f536c6

SHA1
b3ace49e05452e2893d7e06fa5f8672223c18e7f

SHA256
539973646b6c079c785f255a95b7c5dbea5d7a3f1834f5e669f41ad6927498a0

SHA512
f9857c770461b88c45740fb71218c20528a1341d6ba1e0c5d6b3b1a8f82c7a1733426dbc45c9a1067cc123faee0657db3161ab935ebb3ed643ae3dd0f22825fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44159.exe

Filesize
468KB

MD5
9c8419c5ae4c369ca28adfc16bc7d856

SHA1
1c62ed897f0c583638ac91bb23b6aafe01991e58

SHA256
403f8db99bfcb96f93a92bdedf9d025c8b58bf43f17a17d81367b0e586581c89

SHA512
30834c355f2591e38cf7e8ef765468f310d079798be7a876bcdb8a30d315b070f2875ec9f78133392d38b041e9b6e61f09e99ae67784c9e61b694f276831ad03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe

Filesize
468KB

MD5
b0e2d4063f2d303eec11eb8130dbe9ce

SHA1
ed337b1715e28e3ac33024da4597c61669bab293

SHA256
9b0ccbc72fb5a3f2351e9c12921765aafc47d5309de3425f8e053802ac407d2b

SHA512
1b8738a0a0ff5b04daf6e39f1f9d602118c26f5a2e249a765589845f8faddf551764830794e0b8df30f599dba35dcb1c44521fa3c37d28ffa4d640e6ed1892e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe

Filesize
468KB

MD5
0046a647763b8de66af773ee3216c4b9

SHA1
fc2a79e8b882d6d1ec5a074244ef8c2834ad713c

SHA256
9d9565552cd2b8a53138a6d703f52bc9eeb6890ac0f1c4eb28f19eaf853a7abc

SHA512
961399dd5875599c036c117f79f56b87477e0ed1ea6860fe107206a1c394ba7755e25546603748c6406000950ea67037a9484935262eba813356fe50a39d8770

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe

Filesize
468KB

MD5
ad4f60cd1fe21db825c1296802f0d341

SHA1
52c5e177df2f01f1c550eb8365c8fe6d568d149f

SHA256
e354d57a3c5a4b06f427b630d31bb41af2298b2e2eea719ef4a6476e08fe5116

SHA512
4700c8162100ca7497dd677d3ea887a8dec392b78e05016f10b1d9b3aed9612d2eb99b8c3109cd3e79d7c8bdc626a0240170b36f31d236c68fe4362d524b2bb9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe

Filesize
468KB

MD5
ceeb0b1f751fbb6a2b4b913c2005cb7b

SHA1
b05282825258f2a4cdaeb1c0b6ef59aa119e0f3a

SHA256
0a773dabedb751eb9b6fe220aad9094e69f5037b9d12ec78188c8fe04b154fcd

SHA512
cb8507623d9d3527ec65bf9c592387317c3043a324e4b131e0247a0eb6894a07dd97d04c8eaf60a0728c8d019905bf4be25bcc9ff4c9e30c5ea9bde23e877e30

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe

Filesize
468KB

MD5
5fde90b322d909679e0b71cfb481c98a

SHA1
79576f4fc2c44e8c7cfda484207bfc5086c6c36f

SHA256
bebcfe9e5a2ba3c379e6910de4327c082ffb85e0a299f85f849093c994fd0894

SHA512
513032e73d509ae1c5f188be30628d2fa04be6f4ef1facaad924f159a1cc8eab98f0aed318a7a688506a0207e4b254f2b3ca5ed1697ee87a0cb9fb0d8328fbc3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6634.exe

Filesize
468KB

MD5
f0b76010bdc02323d1c29e31390bab7b

SHA1
ec3da8e890ee3f6e73700c5f5abaeec790cc7b78

SHA256
6ba5721465a70188b697e433f120c4c3bdd0ce264014f82aad8d85a6c28a0298

SHA512
23309e74424328461b6385d5f10a42ddd9a88e748cfa1526013981e42ef3809cb23e8f29169a2c40988090d0536af70f9106608b8681b71558b162462fa2b1f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7381.exe

Filesize
468KB

MD5
0606441a04cab188ef9b9243eaf13632

SHA1
c1fe307009d632e8004948f54257e2c69015e054

SHA256
5f4b951dec277bb602d699cb5de4b8352693737a4db78d89cabd0bff31469f07

SHA512
57dfe39740f5ef2c421e9f1ef4039ba062b8330277197ab7e64010de88434f6b05c0c9c7d686a109dcd3de7d3c429403cf734b662e116253b17a7f6c732e6691

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe

Filesize
468KB

MD5
90f9ffc25f37cdea40d2d4c98e00411c

SHA1
d52f0aff5c74a7f96030f54f961cdca44c8042c0

SHA256
e27bef85ce47d297cc06df0119426c53eb71ffdaea2e8a63269b160ebb827251

SHA512
67f03f569f5d5a38f2c3a9f22741de3e4ab0a538d8bc52830107d8d9e0ee08a909c7a7c13e717c4cf194608f5c5c75aed5bb96685a891cdabc3ad9a22e2b8882

Download Submit