92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe
Size

468KB
MD5

8a5357d4862a022ff54c1ebd2b70c4e8
SHA1

55b40c7706f7a48699337ea9033f74eccc5a945f
SHA256

92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3
SHA512

18d3eb473ebeb92430a46904a7ffa0f0448afc1069bdc1da21dc8c4fc54b675c6afb1bba3a1b73b757afc3fcee4d7016e785d5cb09da2ed1af8add00eb9b1f1f
SSDEEP

3072:2bedovI76q5yubYjPYmhff8g/EOCP3p0PmHexVoTiY37md4crSlF:2b0oVuyuIPrhffCZeSiYLO4cr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2304	Unicorn-21763.exe
2180	Unicorn-14863.exe
2768	Unicorn-2642.exe
2804	Unicorn-50629.exe
2796	Unicorn-23842.exe
2744	Unicorn-15149.exe
2604	Unicorn-9019.exe
2644	Unicorn-46351.exe
2060	Unicorn-44129.exe
2816	Unicorn-33539.exe
2012	Unicorn-26606.exe
1636	Unicorn-26871.exe
2020	Unicorn-17314.exe
872	Unicorn-34709.exe
3000	Unicorn-9223.exe
2096	Unicorn-22421.exe
2532	Unicorn-17939.exe
2480	Unicorn-26824.exe
1536	Unicorn-8670.exe
1756	Unicorn-62953.exe
1592	Unicorn-36638.exe
1280	Unicorn-4287.exe
2680	Unicorn-38194.exe
2484	Unicorn-28185.exe
1896	Unicorn-58060.exe
1692	Unicorn-48155.exe
828	Unicorn-9998.exe
1076	Unicorn-20597.exe
2408	Unicorn-11725.exe
1172	Unicorn-19303.exe
2080	Unicorn-18255.exe
880	Unicorn-12124.exe
2420	Unicorn-27326.exe
2148	Unicorn-16255.exe
1780	Unicorn-32232.exe
2316	Unicorn-44475.exe
2092	Unicorn-25399.exe
2712	Unicorn-10562.exe
2708	Unicorn-61277.exe
380	Unicorn-7351.exe
2772	Unicorn-10151.exe
2832	Unicorn-56790.exe
2968	Unicorn-49324.exe
2612	Unicorn-55454.exe
1740	Unicorn-36762.exe
672	Unicorn-20248.exe
1000	Unicorn-20612.exe
2032	Unicorn-34474.exe
2764	Unicorn-34474.exe
1992	Unicorn-32905.exe
2600	Unicorn-13039.exe
804	Unicorn-13039.exe
2956	Unicorn-31944.exe
2924	Unicorn-35911.exe
2124	Unicorn-24758.exe
2400	Unicorn-29788.exe
1964	Unicorn-11369.exe
696	Unicorn-20048.exe
2560	Unicorn-50720.exe
2460	Unicorn-30854.exe
1932	Unicorn-18566.exe
1596	Unicorn-59672.exe
2552	Unicorn-54628.exe
2332	Unicorn-36144.exe

Loads dropped DLL 64 IoCs

pid	Process
1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe
1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe
2304	Unicorn-21763.exe
1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe
2304	Unicorn-21763.exe
1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe
2304	Unicorn-21763.exe
2180	Unicorn-14863.exe
2304	Unicorn-21763.exe
2180	Unicorn-14863.exe
2768	Unicorn-2642.exe
2768	Unicorn-2642.exe
1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe
1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe
2804	Unicorn-50629.exe
2804	Unicorn-50629.exe
2304	Unicorn-21763.exe
2304	Unicorn-21763.exe
2604	Unicorn-9019.exe
2604	Unicorn-9019.exe
1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe
2744	Unicorn-15149.exe
1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe
2744	Unicorn-15149.exe
2180	Unicorn-14863.exe
2180	Unicorn-14863.exe
2644	Unicorn-46351.exe
2644	Unicorn-46351.exe
2804	Unicorn-50629.exe
2804	Unicorn-50629.exe
2060	Unicorn-44129.exe
2060	Unicorn-44129.exe
2796	Unicorn-23842.exe
2796	Unicorn-23842.exe
2304	Unicorn-21763.exe
2304	Unicorn-21763.exe
2768	Unicorn-2642.exe
2768	Unicorn-2642.exe
2012	Unicorn-26606.exe
2012	Unicorn-26606.exe
1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe
1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe
2816	Unicorn-33539.exe
2816	Unicorn-33539.exe
2604	Unicorn-9019.exe
2604	Unicorn-9019.exe
1636	Unicorn-26871.exe
1636	Unicorn-26871.exe
2020	Unicorn-17314.exe
2020	Unicorn-17314.exe
2180	Unicorn-14863.exe
2180	Unicorn-14863.exe
2744	Unicorn-15149.exe
2744	Unicorn-15149.exe
872	Unicorn-34709.exe
872	Unicorn-34709.exe
2644	Unicorn-46351.exe
2644	Unicorn-46351.exe
2532	Unicorn-17939.exe
2532	Unicorn-17939.exe
1536	Unicorn-8670.exe
1536	Unicorn-8670.exe
2796	Unicorn-23842.exe
2796	Unicorn-23842.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51053.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe
2304	Unicorn-21763.exe
2180	Unicorn-14863.exe
2768	Unicorn-2642.exe
2804	Unicorn-50629.exe
2796	Unicorn-23842.exe
2604	Unicorn-9019.exe
2744	Unicorn-15149.exe
2644	Unicorn-46351.exe
2060	Unicorn-44129.exe
2012	Unicorn-26606.exe
2816	Unicorn-33539.exe
2020	Unicorn-17314.exe
1636	Unicorn-26871.exe
872	Unicorn-34709.exe
3000	Unicorn-9223.exe
2096	Unicorn-22421.exe
2532	Unicorn-17939.exe
2480	Unicorn-26824.exe
1536	Unicorn-8670.exe
1756	Unicorn-62953.exe
1592	Unicorn-36638.exe
1280	Unicorn-4287.exe
2680	Unicorn-38194.exe
2484	Unicorn-28185.exe
1896	Unicorn-58060.exe
828	Unicorn-9998.exe
1692	Unicorn-48155.exe
1076	Unicorn-20597.exe
2408	Unicorn-11725.exe
1172	Unicorn-19303.exe
2080	Unicorn-18255.exe
2420	Unicorn-27326.exe
880	Unicorn-12124.exe
2148	Unicorn-16255.exe
1780	Unicorn-32232.exe
2092	Unicorn-25399.exe
2316	Unicorn-44475.exe
2712	Unicorn-10562.exe
2708	Unicorn-61277.exe
2832	Unicorn-56790.exe
380	Unicorn-7351.exe
2772	Unicorn-10151.exe
2968	Unicorn-49324.exe
2612	Unicorn-55454.exe
1740	Unicorn-36762.exe
1000	Unicorn-20612.exe
672	Unicorn-20248.exe
2032	Unicorn-34474.exe
2764	Unicorn-34474.exe
2600	Unicorn-13039.exe
1992	Unicorn-32905.exe
804	Unicorn-13039.exe
2956	Unicorn-31944.exe
2124	Unicorn-24758.exe
2924	Unicorn-35911.exe
2400	Unicorn-29788.exe
1964	Unicorn-11369.exe
2560	Unicorn-50720.exe
696	Unicorn-20048.exe
2460	Unicorn-30854.exe
1932	Unicorn-18566.exe
1596	Unicorn-59672.exe
2552	Unicorn-54628.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1560 wrote to memory of 2304	1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe	30
PID 1560 wrote to memory of 2304	1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe	30
PID 1560 wrote to memory of 2304	1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe	30
PID 1560 wrote to memory of 2304	1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe	30
PID 2304 wrote to memory of 2180	2304	Unicorn-21763.exe	32
PID 2304 wrote to memory of 2180	2304	Unicorn-21763.exe	32
PID 2304 wrote to memory of 2180	2304	Unicorn-21763.exe	32
PID 2304 wrote to memory of 2180	2304	Unicorn-21763.exe	32
PID 1560 wrote to memory of 2768	1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe	33
PID 1560 wrote to memory of 2768	1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe	33
PID 1560 wrote to memory of 2768	1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe	33
PID 1560 wrote to memory of 2768	1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe	33
PID 2304 wrote to memory of 2804	2304	Unicorn-21763.exe	35
PID 2304 wrote to memory of 2804	2304	Unicorn-21763.exe	35
PID 2304 wrote to memory of 2804	2304	Unicorn-21763.exe	35
PID 2304 wrote to memory of 2804	2304	Unicorn-21763.exe	35
PID 2180 wrote to memory of 2796	2180	Unicorn-14863.exe	34
PID 2180 wrote to memory of 2796	2180	Unicorn-14863.exe	34
PID 2180 wrote to memory of 2796	2180	Unicorn-14863.exe	34
PID 2180 wrote to memory of 2796	2180	Unicorn-14863.exe	34
PID 2768 wrote to memory of 2744	2768	Unicorn-2642.exe	36
PID 2768 wrote to memory of 2744	2768	Unicorn-2642.exe	36
PID 2768 wrote to memory of 2744	2768	Unicorn-2642.exe	36
PID 2768 wrote to memory of 2744	2768	Unicorn-2642.exe	36
PID 1560 wrote to memory of 2604	1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe	37
PID 1560 wrote to memory of 2604	1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe	37
PID 1560 wrote to memory of 2604	1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe	37
PID 1560 wrote to memory of 2604	1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe	37
PID 2804 wrote to memory of 2644	2804	Unicorn-50629.exe	38
PID 2804 wrote to memory of 2644	2804	Unicorn-50629.exe	38
PID 2804 wrote to memory of 2644	2804	Unicorn-50629.exe	38
PID 2804 wrote to memory of 2644	2804	Unicorn-50629.exe	38
PID 2304 wrote to memory of 2060	2304	Unicorn-21763.exe	39
PID 2304 wrote to memory of 2060	2304	Unicorn-21763.exe	39
PID 2304 wrote to memory of 2060	2304	Unicorn-21763.exe	39
PID 2304 wrote to memory of 2060	2304	Unicorn-21763.exe	39
PID 2604 wrote to memory of 2816	2604	Unicorn-9019.exe	40
PID 2604 wrote to memory of 2816	2604	Unicorn-9019.exe	40
PID 2604 wrote to memory of 2816	2604	Unicorn-9019.exe	40
PID 2604 wrote to memory of 2816	2604	Unicorn-9019.exe	40
PID 1560 wrote to memory of 2012	1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe	41
PID 1560 wrote to memory of 2012	1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe	41
PID 1560 wrote to memory of 2012	1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe	41
PID 1560 wrote to memory of 2012	1560	92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe	41
PID 2744 wrote to memory of 1636	2744	Unicorn-15149.exe	42
PID 2744 wrote to memory of 1636	2744	Unicorn-15149.exe	42
PID 2744 wrote to memory of 1636	2744	Unicorn-15149.exe	42
PID 2744 wrote to memory of 1636	2744	Unicorn-15149.exe	42
PID 2180 wrote to memory of 2020	2180	Unicorn-14863.exe	43
PID 2180 wrote to memory of 2020	2180	Unicorn-14863.exe	43
PID 2180 wrote to memory of 2020	2180	Unicorn-14863.exe	43
PID 2180 wrote to memory of 2020	2180	Unicorn-14863.exe	43
PID 2644 wrote to memory of 872	2644	Unicorn-46351.exe	44
PID 2644 wrote to memory of 872	2644	Unicorn-46351.exe	44
PID 2644 wrote to memory of 872	2644	Unicorn-46351.exe	44
PID 2644 wrote to memory of 872	2644	Unicorn-46351.exe	44
PID 2804 wrote to memory of 3000	2804	Unicorn-50629.exe	45
PID 2804 wrote to memory of 3000	2804	Unicorn-50629.exe	45
PID 2804 wrote to memory of 3000	2804	Unicorn-50629.exe	45
PID 2804 wrote to memory of 3000	2804	Unicorn-50629.exe	45
PID 2060 wrote to memory of 2096	2060	Unicorn-44129.exe	46
PID 2060 wrote to memory of 2096	2060	Unicorn-44129.exe	46
PID 2060 wrote to memory of 2096	2060	Unicorn-44129.exe	46
PID 2060 wrote to memory of 2096	2060	Unicorn-44129.exe	46

C:\Users\Admin\AppData\Local\Temp\92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe
"C:\Users\Admin\AppData\Local\Temp\92b6300c90d08daebc2dc80edc9302beb3de038647f6c50059ae092bc3c908e3.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19303.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
        8⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
        8⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
        8⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19463.exe
        7⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39136.exe
        7⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13199.exe
        7⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
        7⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
        7⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12664.exe
        6⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        6⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17825.exe
        7⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        7⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        7⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        6⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44467.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
        6⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        6⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
        6⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        6⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        5⤵
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
        5⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe
        5⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        5⤵
        
        PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17314.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32905.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        7⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10904.exe
        6⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        6⤵
        
        PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31944.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        6⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11594.exe
        7⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        7⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64661.exe
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        7⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21449.exe
        6⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        6⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        6⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22039.exe
        5⤵
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        6⤵
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        6⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22269.exe
        5⤵
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe
        5⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23838.exe
        5⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
        5⤵
        
        PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        6⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        7⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
        7⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
        7⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        6⤵
        
        PID:976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        6⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
        6⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
        6⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe
        5⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        6⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        6⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58534.exe
        6⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23513.exe
        5⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        5⤵
        
        PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-78.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-78.exe
        5⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
        6⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        6⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        6⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        6⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        5⤵
        
        PID:688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        5⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe
        5⤵
        
        PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41254.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
        5⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        5⤵
        
        PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54494.exe
      4⤵
      PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
      4⤵
      PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
      4⤵
      PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
      4⤵
      PID:7092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46351.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34709.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20597.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27879.exe
        8⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        9⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        9⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        9⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        8⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
        8⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        8⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        8⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
        7⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        8⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
        8⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        7⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
        7⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
        7⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        7⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        7⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61542.exe
        6⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
        6⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11725.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7980.exe
        7⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        7⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        7⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe
        6⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        6⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18146.exe
        6⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11369.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        6⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12995.exe
        7⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5766.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
        7⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36059.exe
        7⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
        6⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37817.exe
        6⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        6⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        5⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2601.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
        6⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30368.exe
        6⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48772.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24043.exe
        5⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
        5⤵
        
        PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25399.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35096.exe
        6⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45411.exe
        7⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        7⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
        6⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19463.exe
        6⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        6⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        5⤵
        
        PID:284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48273.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe
        6⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39273.exe
        6⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        5⤵
        
        PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
        5⤵
        
        PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10151.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54801.exe
        6⤵
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
        6⤵
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
        6⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37507.exe
        5⤵
        
        PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        5⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        5⤵
        
        PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
      4⤵
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57213.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-290.exe
        5⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
        5⤵
        
        PID:6440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61988.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3877.exe
      4⤵
      PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
      4⤵
      PID:6880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44129.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22421.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16255.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34524.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        7⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        6⤵
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
        6⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        6⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55809.exe
        6⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49659.exe
        6⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27539.exe
        6⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9956.exe
        6⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64474.exe
        6⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        6⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        5⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
        5⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39273.exe
        5⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
        5⤵
        
        PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32232.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36144.exe
        5⤵
        Executes dropped EXE
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18795.exe
        6⤵
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40914.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        6⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        6⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        5⤵
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        5⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        5⤵
        
        PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe
      4⤵
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        5⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        5⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        5⤵
        
        PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
      4⤵
      PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61988.exe
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49900.exe
      4⤵
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
      4⤵
      PID:5988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        5⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
        6⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19463.exe
        6⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        6⤵
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2571.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
        5⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        5⤵
        
        PID:6476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
      4⤵
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        5⤵
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
        5⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        5⤵
        
        PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
      4⤵
      PID:548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
      4⤵
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10798.exe
      4⤵
      PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
      4⤵
      PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
      4⤵
      PID:6976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7351.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-78.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-78.exe
      4⤵
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
        5⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56373.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        5⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        5⤵
        
        PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
      4⤵
      PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
      4⤵
      PID:6336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
    3⤵
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
      4⤵
      PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61071.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe
      4⤵
      PID:7164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6022.exe
    3⤵
    PID:3444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
    3⤵
    PID:4628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
    3⤵
    PID:5468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
    3⤵
    PID:6612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2642.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2642.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
        8⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        8⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64733.exe
        7⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29133.exe
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        7⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
        6⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18795.exe
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        7⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64474.exe
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
        7⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35885.exe
        6⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23513.exe
        6⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        6⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
        6⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        6⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        6⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32201.exe
        5⤵
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        5⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12598.exe
        5⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
        5⤵
        
        PID:6484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23774.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
        7⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        7⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3004.exe
        6⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe
        6⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        6⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42620.exe
        5⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
        5⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        5⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
        5⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
        5⤵
        
        PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61277.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        5⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
        6⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        6⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        6⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        6⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        5⤵
        
        PID:996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52189.exe
        5⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
        5⤵
        
        PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
      4⤵
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
        5⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        5⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        5⤵
        
        PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
      4⤵
      PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
      4⤵
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
      4⤵
      PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
      4⤵
      PID:6704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50720.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        6⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
        7⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
        7⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
        7⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6270.exe
        6⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        6⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        5⤵
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        5⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        5⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
        5⤵
        
        PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
        5⤵
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
        5⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36059.exe
        5⤵
        
        PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
      4⤵
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29682.exe
      4⤵
      PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
      4⤵
      PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37533.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27326.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
      4⤵
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17825.exe
        5⤵
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        5⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41672.exe
        5⤵
        
        PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
      4⤵
      PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37817.exe
      4⤵
      PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
      4⤵
      PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe
      4⤵
      PID:6308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
    3⤵
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
      4⤵
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26332.exe
        5⤵
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        5⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        5⤵
        
        PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
        5⤵
        
        PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21775.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28306.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27506.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51335.exe
    3⤵
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
      4⤵
      PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
      4⤵
      PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
      4⤵
      PID:6720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
    3⤵
    PID:3948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
    3⤵
    PID:4952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14038.exe
    3⤵
    PID:4828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
    3⤵
    PID:6228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
    3⤵
    PID:6648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9019.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9019.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4287.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        6⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26972.exe
        7⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        7⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        6⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        6⤵
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57762.exe
        5⤵
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        6⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        6⤵
        
        PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34753.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        5⤵
        
        PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14737.exe
        5⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31211.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
        6⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        6⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        6⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
        5⤵
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        5⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        5⤵
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
      4⤵
      PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32964.exe
      4⤵
      PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
      4⤵
      PID:6244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38194.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27879.exe
        5⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        6⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
        6⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
        6⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34580.exe
        5⤵
        
        PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        5⤵
        
        PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
      4⤵
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37062.exe
        5⤵
        
        PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        5⤵
        
        PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
        5⤵
        
        PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
        5⤵
        
        PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
      4⤵
      PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20936.exe
      4⤵
      PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1611.exe
      4⤵
      PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe
      4⤵
      PID:7132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49324.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
      4⤵
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        5⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52465.exe
        5⤵
        
        PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
      4⤵
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
      4⤵
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
      4⤵
      PID:6876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2711.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
      4⤵
      PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
      4⤵
      PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
      4⤵
      PID:6432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
    3⤵
    PID:4588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
    3⤵
    PID:4476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
    3⤵
    PID:5372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26606.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26606.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
      4⤵
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
        5⤵
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64661.exe
        5⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        5⤵
        
        PID:7000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20201.exe
      4⤵
      PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
      4⤵
      PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
      4⤵
      PID:6396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62663.exe
      4⤵
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        5⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
        5⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
        5⤵
        
        PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21388.exe
      4⤵
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
      4⤵
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
      4⤵
      PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
      4⤵
      PID:6360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43745.exe
    3⤵
    PID:776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
      4⤵
      PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
      4⤵
      PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
      4⤵
      PID:6556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
    3⤵
    PID:3520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
    3⤵
    PID:4596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23838.exe
    3⤵
    PID:4400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
    3⤵
    PID:5164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
      4⤵
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
        5⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
        6⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        5⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        5⤵
        
        PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54649.exe
      4⤵
      PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
      4⤵
      PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
      4⤵
      PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
      4⤵
      PID:4900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
    3⤵
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45261.exe
      4⤵
      PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
      4⤵
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
      4⤵
      PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
      4⤵
      PID:6524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12664.exe
    3⤵
    PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
    3⤵
    PID:3400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
    3⤵
    PID:4844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
    3⤵
    PID:6344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
      4⤵
      PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51502.exe
      4⤵
      PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
      4⤵
      PID:6748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17196.exe
    3⤵
    PID:2504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30276.exe
    3⤵
    PID:4496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
    3⤵
    PID:5436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
    3⤵
    PID:6540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19478.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19478.exe
  2⤵
  PID:2256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
    3⤵
    PID:2136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
    3⤵
    PID:5064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
    3⤵
    PID:5704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
    3⤵
    PID:6404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
  2⤵
  PID:3940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6707.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6707.exe
  2⤵
  PID:4992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18238.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18238.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65330.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65330.exe
  2⤵
  PID:6352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe

Filesize
468KB

MD5
962f352dcd2f42ef4ca92b5cba605461

SHA1
1c457bbc2206e302fd9fc7a3afe71dd860c0b368

SHA256
974729cf9bbbeb0e6a1773b5b8c4712af04b28428eb74fa50337baeb695ddf2e

SHA512
146fd6a7900ccb40da305b7ed1074f7d9365e476152f828d354d07142b2ed65f89b327f7d7f0db16a212cb80c4aaaaf14371de3075fc4097b4e28cee81bdb421

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17314.exe

Filesize
468KB

MD5
a04ae67e2d8943d68a9019eb5e56ff94

SHA1
9e7970b86499663bf1addd70dbfaf304aec35333

SHA256
6aca19c8f9c2325fe9e7621858e36ba3931da39587586da2f7302973de727b0a

SHA512
ae51ce79afda2ba8ff75aaa85575030e479a9c8a0908ac52bde53ccde1cc2276782e7862d8ed03e6c99aab9209358161b40b8896e0083c9ee18352fe5ba8242c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22421.exe

Filesize
468KB

MD5
cf411adf99e378d7c63f36e5e99d4e19

SHA1
2bb4f9c791d4da78590ae1f535145bb663cb475f

SHA256
5154e929335386425c7de92d4598078c272f41c4844d0e9d2b49e1fd373f04b8

SHA512
a57bf5c0df6f4721adac92305e060c3596a28587486b01e8315257cf311826ae6d11229a81b5deb318953f9ded8e257e8cd9d760b56144d7e5c0a4154d448c5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe

Filesize
468KB

MD5
f3be72adfe52a75d36911e653a85e04d

SHA1
f6510c21120966cbcf1ed356f03a7b5be363b200

SHA256
68d3ee50a9c5631a5f56b77b5b670d4fe1beee74b07fc83bd3fb62517526144c

SHA512
d13b2ef34f4c03477279f03d05d21c6014aa18bf81c7775e7bb56c45041c26879a8b31a76f604fa6628bee33e5ebde3e28432df1f4e72f755de3337aba909d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe

Filesize
468KB

MD5
1c9ec8735f09e19b7bba4c68f2b2d3ea

SHA1
2a69233c0a86cfe5ede06f0a4e4659bd7dedd770

SHA256
50b20dd54f1f9ed11ef9bf0cdddbb0fbbc532f3b6661b871cc2611a48c4454a6

SHA512
57224b169e075744d78438e17fcbe544ff9ea063a484ee2b11e38593c0d0cb552e37d9b348a05dd75bd0e2f1c6f2e559d2620fb3e7def5ea4ca815922c61b98b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46351.exe

Filesize
468KB

MD5
0ecb73b077ac3320dc0dd362e39252f4

SHA1
147640b5e69f24642c7c91df93652b40833fda6c

SHA256
e4129e3d9bc498a5423610f4c9928b9386349dc0292394a66354b31ed2b6e788

SHA512
124bb666fe79b7f7c7276bcdcd8562c571a5eeee64656c900abab8a166ed4fa4982de01aa43ec21134a3ab1ab70b09d419b760fd36286ee6ef0c09a3f569abdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe

Filesize
468KB

MD5
09040083a4021d247cff6c05dc75b4d4

SHA1
984e9ae701886fb73d3a8ce7ef7a969b4c884c36

SHA256
90cee42beb8d3d1d52fbbceec57c505f458616d9a1f929a6b0b9eba177fb65e2

SHA512
a509fffe533763040956e71603085c77f8d87f7a22eb0f9be50d7e4773a95dcbef9f2a8fcc9e3b20df40a9bbdb7bce5e884e646cfa57f012a879759db590200a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9019.exe

Filesize
468KB

MD5
9a5a6a6e6d2d9ba9c2f1b8dcd1bd7a9a

SHA1
68d47810d5054c08fa4b7adc9074e15cafb6edc3

SHA256
a18f2684c361d743343300f6c055b2344fd7b1c4c00cb2d2569c54b74b0d4632

SHA512
79c68fcad0bb10e3044f8f3225659d2ceca24c085b60fd1cb5bf5d91373f3d5a05554bedb6d16bcd0dee2ee86031fefe1d053c9f950eafb64b863e83ee40ee60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe

Filesize
468KB

MD5
eb3a60de6b038793c5883d7e6e597ffc

SHA1
56df3486597a0222244aac67f1cba22d31c72478

SHA256
1e96f5ec61f9f795925be2cb8831a4727faa09866c9fa219c7d05b533c6ad125

SHA512
a656c09a35f8c0dce7ff592384e6ed048d5a2f82dd9dd4d16371d6725b021b721daf7f16eb6ff20152b5b94f83c38f5d3e51dbe4e20133aff0eccb8400556375

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe

Filesize
468KB

MD5
55cae20f9273d863ba4db927be0674de

SHA1
535bb70f54c245ebdc1d91136e163d66a052f41b

SHA256
b8feb1187ec48b4c9aa3c876cf947a41d02601e6619090248a0f786ea846e4f4

SHA512
9a93127f2a2a7bc6c66db92a576b5dc8b65cc8e0cf1b10cabd808a847aac60d14d99ea5823e6c88f188d10dad581e9e664506ade4d162a6c0d2484e49e1b8905

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe

Filesize
468KB

MD5
829c924ff4002b5e2b07babaaf76fe63

SHA1
c268e8e0dc16a40675640019cab3b20c6cc1dad7

SHA256
428f25199e28bebf9e4725973446847ae7709229e8ce01a06a53982cddafa1d1

SHA512
5276ef6346dc79a4085d83c8a7577f6be5daf0d4d6f0739b1181941fb4fc8d025ec0b3115131be7894193ea40aea23ecd74d09273940009eb00b8826c345cd7e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe

Filesize
468KB

MD5
e68ca6cee48e45c377a2146e95b1bf03

SHA1
190e15fb750d58edd36e547cd5097b8db9bc7a6e

SHA256
9242fbf61c37d3e313e661d2704c1d58e45e831ac6fcb8d11e44e5b97dc839ba

SHA512
1d2c89a4fb58a76fbd28fd5fc6753afd1277413fb1df750607bae0eb8c12ccf0e220a78bad6f5277f850291c086ebda92625af4cadf28721891f27ad547cc0f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe

Filesize
468KB

MD5
d463c1169185a04cb11095743882f523

SHA1
0ab25f783bdc8d0c7a25edc6626980b9b355a7b5

SHA256
46806ecca583ab2867da34dc2ef7d487629f558c9306a3852af2fd4faa475458

SHA512
edd94a42afe0f4e24033e9c58814eed75e6e1a66afc20131c124bd3b4a974dbea84f0810db1fdef1506b9ddcf251d921af5ce99ad176b8afc0db1173405eead7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe

Filesize
468KB

MD5
86c7378b6a220d2fe165609cf38febc1

SHA1
91d6260d10fe82ec2aba7a40c230e94043dea6e3

SHA256
20ce3e2144ee806102fdb6c9868cc4fcb90365fdbd28798b97c351fb58a9a56d

SHA512
8ca5aa8fdc2d2a86a4f4237e2d1533772ceec0c02e2614a22d8674883e3b73f550b78b37048d0ad8b3d760814e06fa708d23ac3a76d5154cf463e0f110a054ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2642.exe

Filesize
468KB

MD5
9429073aeda712893298b50781c7ece4

SHA1
88cb1ef406ae9dda901e64c45658edb13b2acf47

SHA256
af87642e5537c55602d38e89fdc4fdbe4e76b4b3a4c58e8f59e780e1f7b8b719

SHA512
d285794164c856b2fc8bf9cae8bf60ef88ac2afde8cddedbf28a34cc2e7214187b6a76a690356ef6191fa8b30ae793e7c887d5c9f591392f44e07e676c609e6c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26606.exe

Filesize
468KB

MD5
bd3c3fdc48d831fed0cf635c398b603a

SHA1
78a76b956f51bb0ddbcc3f6c4701a98915412d5f

SHA256
8e26fd749a8dbe46207078e98f1007cd522635155d53cd571c604488d4e0281d

SHA512
1af1b051cc60db77b461d474432c827b11b9947698c19ebf00eb88b0d86b90cb6be2d72791457491d1bfce697f4ca6de49404bdeecc49a6eee7ee99f06c296ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe

Filesize
468KB

MD5
051a0f9caf091c5f411b9f99e984da64

SHA1
356dcf557b90482fda6ffbf38d730d5297acd951

SHA256
7301e2e737b616b2e3dae646e109a61a32be20728a1ad590394b6adfa4fa8915

SHA512
2c9fcd75f183c5186baf9f4302ce80e923c73709011a7d457ec2dca56fb9b94be3c46f1c6d7c8a0cb74dfff12ea1e582315b95f75c5f6603137a71d54620c40b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe

Filesize
468KB

MD5
168b37e81e75a16002387e62b5cecfa5

SHA1
8c215cb1a9e70679e68903d90e7a48e82bcf25bf

SHA256
9917174411f31b0a98d72e5f3b9e30f735e731af8c1ecbe81f04e3d7106649e5

SHA512
3a42cb1c66da803d2f45904f6e228d7fe5251f3511b6940aaf22a372e39903fe01ca9bb9369026faaa75633e0fb8d2c9faea1f3991fc900432fda198f08be466

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34709.exe

Filesize
468KB

MD5
fcf984fb5dfb893c92cfcd0d236a7afa

SHA1
627a507ebc351d344f1602739b6f2d9d03555344

SHA256
636c6664b422c9abb7732107efd72a6ad2cd56df7eeea8e6ab1e06640ea5033c

SHA512
d9f8adae4216ae31c1a91e707218a0f60098c43237f587df6023947a758426ead51ef72fb0e0a4516a5ce45f231ff9fa99c496c06df03a602b638a6c303a546d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44129.exe

Filesize
468KB

MD5
cedc445e1925aabcae6b36a4ace9233f

SHA1
3615c29eddf8679341a6c8825016e285b64eb5b7

SHA256
6ed4ec7a55682d9bacad861ff156b1cd5222d6a75276aa928644d66e8ed81be3

SHA512
17cd3495a3939e0ac62444106d446827794b858c1adba6b2b288d81cd2c7fba8d4e3b58aa8aa1a5237a9fdb7eaf382b4ec87657b3881933b7462f717598e4c3f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe

Filesize
468KB

MD5
cf40bc4c6f5e473e54221714c4fbff9e

SHA1
97d998ef700e3bb0e6922b047fc8719467867f91

SHA256
c9a5ad2df5426e8c1900fe278a2fd0c5852853180959137347a0b97467c8f0a8

SHA512
c5751b0b30016d695ea1468539497112b39e5d053ab55596fd9ff5d324cba818789e17cfb03637dbb26f725bca620c1387a6bcd120732d29e075682f88d1e65b

Download Submit