3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846

Analysis

max time kernel
147s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe
Size

468KB
MD5

8edb3ac72c8452dac49be3545b484660
SHA1

929b0def9821b84f05640792d7e9613c79ee0ae2
SHA256

3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846
SHA512

40ed14857a876232b37eb7adbe6cbcb50fbd3f6bbef3f80e5a314a7f9ace84112c17c830372d6a908d26477cbead318382a842dc5dac60989abebd0269e0a2d1
SSDEEP

3072:FbXdovI76Z5yubYjPYmhSf8g/EbCP3p0PmHexV2uiJI7md7crSly:FbNoVvyuIPrhSfFZeJiJ6O7cr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
616	Unicorn-11939.exe
3004	Unicorn-62100.exe
3048	Unicorn-46319.exe
2772	Unicorn-8898.exe
2920	Unicorn-39625.exe
2692	Unicorn-62738.exe
2556	Unicorn-10936.exe
2584	Unicorn-11119.exe
2260	Unicorn-49199.exe
1448	Unicorn-22002.exe
1896	Unicorn-31851.exe
1660	Unicorn-32116.exe
1676	Unicorn-50490.exe
624	Unicorn-36754.exe
336	Unicorn-51802.exe
852	Unicorn-40104.exe
2868	Unicorn-8823.exe
2392	Unicorn-39450.exe
832	Unicorn-3156.exe
2032	Unicorn-29244.exe
1228	Unicorn-42050.exe
1724	Unicorn-14661.exe
1684	Unicorn-53556.exe
1948	Unicorn-48710.exe
932	Unicorn-29052.exe
1524	Unicorn-35174.exe
788	Unicorn-41304.exe
1072	Unicorn-41039.exe
808	Unicorn-1594.exe
1440	Unicorn-27381.exe
988	Unicorn-42133.exe
3052	Unicorn-8714.exe
2500	Unicorn-12890.exe
1540	Unicorn-23105.exe
2968	Unicorn-44080.exe
532	Unicorn-47609.exe
2660	Unicorn-33886.exe
2636	Unicorn-15512.exe
2684	Unicorn-29446.exe
2740	Unicorn-64521.exe
2752	Unicorn-33795.exe
2620	Unicorn-36487.exe
2704	Unicorn-56253.exe
2588	Unicorn-31657.exe
2980	Unicorn-930.exe
2992	Unicorn-50131.exe
1100	Unicorn-34349.exe
1788	Unicorn-17821.exe
528	Unicorn-47993.exe
2076	Unicorn-41863.exe
1968	Unicorn-12367.exe
1648	Unicorn-30841.exe
2600	Unicorn-33914.exe
2036	Unicorn-34179.exe
2804	Unicorn-11620.exe
2872	Unicorn-545.exe
1472	Unicorn-62005.exe
740	Unicorn-29410.exe
1556	Unicorn-15766.exe
1680	Unicorn-53914.exe
2824	Unicorn-35532.exe
948	Unicorn-51776.exe
1464	Unicorn-8532.exe
2276	Unicorn-8797.exe

Loads dropped DLL 64 IoCs

pid	Process
2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe
2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe
616	Unicorn-11939.exe
616	Unicorn-11939.exe
2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe
2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe
3048	Unicorn-46319.exe
3004	Unicorn-62100.exe
3048	Unicorn-46319.exe
3004	Unicorn-62100.exe
616	Unicorn-11939.exe
616	Unicorn-11939.exe
2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe
2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe
2920	Unicorn-39625.exe
2920	Unicorn-39625.exe
3004	Unicorn-62100.exe
3004	Unicorn-62100.exe
2556	Unicorn-10936.exe
2556	Unicorn-10936.exe
2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe
2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe
2772	Unicorn-8898.exe
2772	Unicorn-8898.exe
616	Unicorn-11939.exe
3048	Unicorn-46319.exe
616	Unicorn-11939.exe
3048	Unicorn-46319.exe
2584	Unicorn-11119.exe
2584	Unicorn-11119.exe
2920	Unicorn-39625.exe
2920	Unicorn-39625.exe
2260	Unicorn-49199.exe
2260	Unicorn-49199.exe
3004	Unicorn-62100.exe
3004	Unicorn-62100.exe
2692	Unicorn-62738.exe
2692	Unicorn-62738.exe
1448	Unicorn-22002.exe
1448	Unicorn-22002.exe
2556	Unicorn-10936.exe
2556	Unicorn-10936.exe
1896	Unicorn-31851.exe
1896	Unicorn-31851.exe
624	Unicorn-36754.exe
624	Unicorn-36754.exe
2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe
2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe
1676	Unicorn-50490.exe
1676	Unicorn-50490.exe
3048	Unicorn-46319.exe
1660	Unicorn-32116.exe
616	Unicorn-11939.exe
3048	Unicorn-46319.exe
1660	Unicorn-32116.exe
616	Unicorn-11939.exe
2772	Unicorn-8898.exe
2772	Unicorn-8898.exe
336	Unicorn-51802.exe
336	Unicorn-51802.exe
2584	Unicorn-11119.exe
2584	Unicorn-11119.exe
832	Unicorn-3156.exe
832	Unicorn-3156.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1652	2824	WerFault.exe	91

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2518.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13493.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1044.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1044.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25676.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe
616	Unicorn-11939.exe
3004	Unicorn-62100.exe
3048	Unicorn-46319.exe
2920	Unicorn-39625.exe
2556	Unicorn-10936.exe
2772	Unicorn-8898.exe
2692	Unicorn-62738.exe
2584	Unicorn-11119.exe
2260	Unicorn-49199.exe
1448	Unicorn-22002.exe
1896	Unicorn-31851.exe
1676	Unicorn-50490.exe
624	Unicorn-36754.exe
1660	Unicorn-32116.exe
336	Unicorn-51802.exe
832	Unicorn-3156.exe
2392	Unicorn-39450.exe
2868	Unicorn-8823.exe
852	Unicorn-40104.exe
2032	Unicorn-29244.exe
1228	Unicorn-42050.exe
1684	Unicorn-53556.exe
1724	Unicorn-14661.exe
1948	Unicorn-48710.exe
932	Unicorn-29052.exe
1524	Unicorn-35174.exe
1072	Unicorn-41039.exe
808	Unicorn-1594.exe
788	Unicorn-41304.exe
1440	Unicorn-27381.exe
988	Unicorn-42133.exe
3052	Unicorn-8714.exe
2500	Unicorn-12890.exe
1540	Unicorn-23105.exe
2968	Unicorn-44080.exe
532	Unicorn-47609.exe
2660	Unicorn-33886.exe
2636	Unicorn-15512.exe
2684	Unicorn-29446.exe
2752	Unicorn-33795.exe
2620	Unicorn-36487.exe
2740	Unicorn-64521.exe
2704	Unicorn-56253.exe
2588	Unicorn-31657.exe
2980	Unicorn-930.exe
2992	Unicorn-50131.exe
1788	Unicorn-17821.exe
1100	Unicorn-34349.exe
528	Unicorn-47993.exe
2076	Unicorn-41863.exe
1968	Unicorn-12367.exe
1648	Unicorn-30841.exe
2600	Unicorn-33914.exe
2036	Unicorn-34179.exe
2804	Unicorn-11620.exe
1472	Unicorn-62005.exe
2872	Unicorn-545.exe
740	Unicorn-29410.exe
1556	Unicorn-15766.exe
1680	Unicorn-53914.exe
2824	Unicorn-35532.exe
948	Unicorn-51776.exe
1464	Unicorn-8532.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 616	2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe	31
PID 2892 wrote to memory of 616	2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe	31
PID 2892 wrote to memory of 616	2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe	31
PID 2892 wrote to memory of 616	2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe	31
PID 616 wrote to memory of 3004	616	Unicorn-11939.exe	32
PID 616 wrote to memory of 3004	616	Unicorn-11939.exe	32
PID 616 wrote to memory of 3004	616	Unicorn-11939.exe	32
PID 616 wrote to memory of 3004	616	Unicorn-11939.exe	32
PID 2892 wrote to memory of 3048	2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe	33
PID 2892 wrote to memory of 3048	2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe	33
PID 2892 wrote to memory of 3048	2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe	33
PID 2892 wrote to memory of 3048	2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe	33
PID 3048 wrote to memory of 2772	3048	Unicorn-46319.exe	34
PID 3048 wrote to memory of 2772	3048	Unicorn-46319.exe	34
PID 3048 wrote to memory of 2772	3048	Unicorn-46319.exe	34
PID 3048 wrote to memory of 2772	3048	Unicorn-46319.exe	34
PID 3004 wrote to memory of 2920	3004	Unicorn-62100.exe	35
PID 3004 wrote to memory of 2920	3004	Unicorn-62100.exe	35
PID 3004 wrote to memory of 2920	3004	Unicorn-62100.exe	35
PID 3004 wrote to memory of 2920	3004	Unicorn-62100.exe	35
PID 616 wrote to memory of 2692	616	Unicorn-11939.exe	36
PID 616 wrote to memory of 2692	616	Unicorn-11939.exe	36
PID 616 wrote to memory of 2692	616	Unicorn-11939.exe	36
PID 616 wrote to memory of 2692	616	Unicorn-11939.exe	36
PID 2892 wrote to memory of 2556	2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe	37
PID 2892 wrote to memory of 2556	2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe	37
PID 2892 wrote to memory of 2556	2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe	37
PID 2892 wrote to memory of 2556	2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe	37
PID 2920 wrote to memory of 2584	2920	Unicorn-39625.exe	38
PID 2920 wrote to memory of 2584	2920	Unicorn-39625.exe	38
PID 2920 wrote to memory of 2584	2920	Unicorn-39625.exe	38
PID 2920 wrote to memory of 2584	2920	Unicorn-39625.exe	38
PID 3004 wrote to memory of 2260	3004	Unicorn-62100.exe	39
PID 3004 wrote to memory of 2260	3004	Unicorn-62100.exe	39
PID 3004 wrote to memory of 2260	3004	Unicorn-62100.exe	39
PID 3004 wrote to memory of 2260	3004	Unicorn-62100.exe	39
PID 2556 wrote to memory of 1448	2556	Unicorn-10936.exe	40
PID 2556 wrote to memory of 1448	2556	Unicorn-10936.exe	40
PID 2556 wrote to memory of 1448	2556	Unicorn-10936.exe	40
PID 2556 wrote to memory of 1448	2556	Unicorn-10936.exe	40
PID 2892 wrote to memory of 1896	2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe	41
PID 2892 wrote to memory of 1896	2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe	41
PID 2892 wrote to memory of 1896	2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe	41
PID 2892 wrote to memory of 1896	2892	3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe	41
PID 2772 wrote to memory of 1660	2772	Unicorn-8898.exe	42
PID 2772 wrote to memory of 1660	2772	Unicorn-8898.exe	42
PID 2772 wrote to memory of 1660	2772	Unicorn-8898.exe	42
PID 2772 wrote to memory of 1660	2772	Unicorn-8898.exe	42
PID 616 wrote to memory of 1676	616	Unicorn-11939.exe	43
PID 616 wrote to memory of 1676	616	Unicorn-11939.exe	43
PID 616 wrote to memory of 1676	616	Unicorn-11939.exe	43
PID 616 wrote to memory of 1676	616	Unicorn-11939.exe	43
PID 3048 wrote to memory of 624	3048	Unicorn-46319.exe	44
PID 3048 wrote to memory of 624	3048	Unicorn-46319.exe	44
PID 3048 wrote to memory of 624	3048	Unicorn-46319.exe	44
PID 3048 wrote to memory of 624	3048	Unicorn-46319.exe	44
PID 2584 wrote to memory of 336	2584	Unicorn-11119.exe	45
PID 2584 wrote to memory of 336	2584	Unicorn-11119.exe	45
PID 2584 wrote to memory of 336	2584	Unicorn-11119.exe	45
PID 2584 wrote to memory of 336	2584	Unicorn-11119.exe	45
PID 2920 wrote to memory of 852	2920	Unicorn-39625.exe	46
PID 2920 wrote to memory of 852	2920	Unicorn-39625.exe	46
PID 2920 wrote to memory of 852	2920	Unicorn-39625.exe	46
PID 2920 wrote to memory of 852	2920	Unicorn-39625.exe	46

C:\Users\Admin\AppData\Local\Temp\3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe
"C:\Users\Admin\AppData\Local\Temp\3d8d2234fe9acd127e80c73318ea42ed6e1c380e05a061d2deaab930e19c5846.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11939.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11939.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29410.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        9⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
        10⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        10⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48854.exe
        10⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45772.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
        9⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
        9⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27592.exe
        9⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55891.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
        9⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
        8⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24144.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4145.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        8⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50074.exe
        9⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        9⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        9⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        9⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15355.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        8⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47182.exe
        7⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20753.exe
        7⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2007.exe
        7⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        7⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42133.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        8⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11376.exe
        7⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        7⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        7⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
        7⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        7⤵
        Program crash
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
        6⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
        6⤵
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        6⤵
        
        PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40104.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33795.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47065.exe
        8⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        7⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        7⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
        6⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22165.exe
        7⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        7⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57998.exe
        7⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
        6⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        6⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        6⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        6⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        6⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
        7⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        7⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
        7⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
        6⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10925.exe
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19622.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
        6⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
        5⤵
        
        PID:444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6058.exe
        5⤵
        
        PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe
        5⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        5⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9822.exe
        5⤵
        
        PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35864.exe
        5⤵
        
        PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8823.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64521.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
        8⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48216.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10925.exe
        7⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1044.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        7⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8449.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39969.exe
        6⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        6⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        6⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44376.exe
        6⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-687.exe
        7⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        6⤵
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        6⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42089.exe
        6⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
        6⤵
        
        PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        5⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44849.exe
        6⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60800.exe
        6⤵
        
        PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
        5⤵
        
        PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        5⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
        5⤵
        
        PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2007.exe
        5⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        5⤵
        
        PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39450.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        6⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        7⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1620.exe
        6⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        6⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        6⤵
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24147.exe
        5⤵
        
        PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13500.exe
        5⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8610.exe
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        5⤵
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
        6⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
        7⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2518.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44340.exe
        6⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50258.exe
        6⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        5⤵
        
        PID:660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        5⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31361.exe
      4⤵
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57775.exe
        5⤵
        
        PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65398.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
        5⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36157.exe
        5⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
      4⤵
      PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13983.exe
      4⤵
      PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
      4⤵
      PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45988.exe
      4⤵
      PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
      4⤵
      PID:5628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62738.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
        6⤵
        Executes dropped EXE
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46607.exe
        7⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61951.exe
        6⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        6⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        6⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
        5⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
        6⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        6⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        6⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57998.exe
        6⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        5⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51262.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
        5⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
        5⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
        5⤵
        
        PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45648.exe
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38958.exe
        6⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
        6⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62455.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37711.exe
        5⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8532.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11895.exe
        5⤵
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52735.exe
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        5⤵
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        5⤵
        
        PID:6264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
      4⤵
      PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45582.exe
      4⤵
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
      4⤵
      PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
      4⤵
      PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29052.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        5⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1620.exe
        5⤵
        
        PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51589.exe
        5⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        5⤵
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13222.exe
      4⤵
      PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
      4⤵
      PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
      4⤵
      PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38955.exe
      4⤵
      PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
      4⤵
      PID:5680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        5⤵
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36873.exe
        6⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60660.exe
        5⤵
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
        5⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        5⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        5⤵
        
        PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
      4⤵
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63338.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2518.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35186.exe
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        5⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
        5⤵
        
        PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
      4⤵
      PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13493.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
      4⤵
      PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
      4⤵
      PID:6256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62005.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9565.exe
      4⤵
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37968.exe
        5⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4475.exe
        5⤵
        
        PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
      4⤵
      PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe
      4⤵
      PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
      4⤵
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
      4⤵
      PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
      4⤵
      PID:6240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15402.exe
    3⤵
    PID:1224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
    3⤵
    PID:2256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49302.exe
    3⤵
    PID:3400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41461.exe
    3⤵
    PID:4468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34447.exe
    3⤵
    PID:4764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51823.exe
    3⤵
    PID:5324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
    3⤵
    PID:6340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41304.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31657.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        7⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21570.exe
        9⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        8⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14479.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        8⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15355.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
        7⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        7⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        7⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
        6⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe
        7⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16300.exe
        7⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        7⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
        6⤵
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        6⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        6⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22235.exe
        6⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        6⤵
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34349.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64324.exe
        6⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2518.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        6⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22165.exe
        6⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        6⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57998.exe
        6⤵
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29797.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13493.exe
        5⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
        5⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        5⤵
        
        PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        6⤵
        
        PID:680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2518.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        6⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22934.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37397.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
        6⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
        5⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
        6⤵
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        6⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57998.exe
        6⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15355.exe
        5⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
        5⤵
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
        5⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
        5⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        5⤵
        
        PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48486.exe
        5⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
        5⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        5⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56628.exe
        5⤵
        
        PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65019.exe
      4⤵
      PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
      4⤵
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
      4⤵
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
      4⤵
      PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16397.exe
      4⤵
      PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
      4⤵
      PID:5732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47993.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28315.exe
        6⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
        6⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
        6⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10925.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1044.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        6⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8449.exe
        5⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11128.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51947.exe
        5⤵
        
        PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        5⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        5⤵
        
        PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1776.exe
        5⤵
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2518.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63006.exe
        5⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
        5⤵
        
        PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
        5⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        5⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
        5⤵
        
        PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
      4⤵
      PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
      4⤵
      PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
      4⤵
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
      4⤵
      PID:6232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35174.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11895.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58957.exe
      4⤵
      PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
      4⤵
      PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
      4⤵
      PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
      4⤵
      PID:6024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10422.exe
    3⤵
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe
      4⤵
      PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
    3⤵
    PID:1720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
    3⤵
    PID:2332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
    3⤵
    PID:4916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe
    3⤵
    PID:5464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
    3⤵
    PID:5880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22002.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48268.exe
        6⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19005.exe
        7⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54007.exe
        7⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11376.exe
        6⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        6⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31514.exe
        6⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        6⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59129.exe
        5⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        6⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62756.exe
        6⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
        6⤵
        
        PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
        5⤵
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24183.exe
        5⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37736.exe
        5⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        5⤵
        
        PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
        6⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
        6⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18210.exe
        6⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27140.exe
        5⤵
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2260.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        5⤵
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        5⤵
        
        PID:6560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
      4⤵
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
        5⤵
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16300.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        5⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
        5⤵
        
        PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
      4⤵
      PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
      4⤵
      PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
      4⤵
      PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
      4⤵
      PID:5788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42050.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9565.exe
        5⤵
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
        5⤵
        
        PID:412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        5⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
        5⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        5⤵
        
        PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
      4⤵
      PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23490.exe
        5⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14200.exe
        5⤵
        
        PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60005.exe
      4⤵
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        5⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
        5⤵
        
        PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2260.exe
      4⤵
      PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
      4⤵
      PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
      4⤵
      PID:5388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
      4⤵
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10754.exe
        5⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        5⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18210.exe
        5⤵
        
        PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37106.exe
      4⤵
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14674.exe
      4⤵
      PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
      4⤵
      PID:6280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
    3⤵
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43380.exe
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
      4⤵
      PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe
      4⤵
      PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
      4⤵
      PID:5256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41663.exe
    3⤵
    PID:2284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
    3⤵
    PID:3176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
    3⤵
    PID:3552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
    3⤵
    PID:4652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21100.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
    3⤵
    PID:5900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14661.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-930.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50593.exe
        5⤵
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        5⤵
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
        5⤵
        
        PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10184.exe
        5⤵
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        5⤵
        
        PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
      4⤵
      PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
      4⤵
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
      4⤵
      PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
      4⤵
      PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
      4⤵
      PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
      4⤵
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
        5⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
        5⤵
        
        PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8553.exe
      4⤵
      PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
      4⤵
      PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
      4⤵
      PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
      4⤵
      PID:6544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
    3⤵
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
      4⤵
      PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47153.exe
      4⤵
      PID:6712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
    3⤵
    PID:3064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
    3⤵
    PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
    3⤵
    PID:3444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
    3⤵
    PID:5968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
    3⤵
    PID:5888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
      4⤵
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2337.exe
        5⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54007.exe
        5⤵
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1620.exe
      4⤵
      PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
      4⤵
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
      4⤵
      PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
      4⤵
      PID:6168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
    3⤵
    PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
      4⤵
      PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
      4⤵
      PID:5876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15355.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
    3⤵
    PID:3960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
    3⤵
    PID:4144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8610.exe
    3⤵
    PID:5424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
    3⤵
    PID:4260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-545.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-545.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20857.exe
    3⤵
    PID:3920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
    3⤵
    PID:4116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
    3⤵
    PID:5576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
    3⤵
    PID:6176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56884.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56884.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3017.exe
    3⤵
    PID:6444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57989.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57989.exe
  2⤵
  PID:3828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
  2⤵
  PID:3108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44265.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44265.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38673.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38673.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
  2⤵
  PID:5940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe

Filesize
468KB

MD5
66c4c5040f5d1dc442e2df657406a504

SHA1
8d7570a022696a3c389b23b867cfac4512ec0a3e

SHA256
04a5618ac9ad988475f845094056fe7b2533d599f4bc4606eee78582d0fff8e6

SHA512
661d960e5567982e66e83a254a3b27ae903b40d65050cf6d4ddd03500437883f0723c9977491106c0f6a5f2ecde20be78fb7719b7a8912f6cbf508e91159b836

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe

Filesize
468KB

MD5
f6ae6568c125e0ff53fd2269e855907f

SHA1
5c415f44179aed59bf0b4a0b60220306c75315ad

SHA256
b28e22d121e559d2f8d91c1f6875d2844aeb58e0d81ab8fddaf8d00a737e3190

SHA512
7da54cf528c47f558e2c5c069ac067e356558270411835b233fe8f3a442ebc4028ece54e5c805c6f80413cc3c3a02a3509cee0c4b6c17aafe3afb1dabb539bfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22002.exe

Filesize
468KB

MD5
98ad9a653038ba3a281a6a1961d94e57

SHA1
b67cf6df78e5225be3eaed3f9f0b74ad696e69b0

SHA256
c39d92e2254c8d24bc42131bac2e35b067cac765948de7ffedf2eaa2d376c1e9

SHA512
abbfc68d890919d85b3175eb90ca136a7340beb586b13db09f0fc21c3b401106b0e8dc95f8a6e30acd69081f827f9b8ea33efaea06b97ce7b3849521846ca69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe

Filesize
468KB

MD5
f0fab7ef1f75216f496256b85415b511

SHA1
0a87070c57df414a1aa30fcc3bed6a418e252a6a

SHA256
747eb0e6c3e2d0a0d29ec901716e4ee6453a9b49f1e659ab02e4568f971dc745

SHA512
011ecd5f715303fe46e7c33e021ab7267257f241b92968caf9f3a72b2350c67974d5f59509c2dc8441e68b07b6194f6b4a115d5fc0f2d837a3d21bb6b4c3895d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe

Filesize
468KB

MD5
277a083cc34f1b9cb6e62384df76bf40

SHA1
d86ab8da05c579c13e69c163faf7602baa7c1ead

SHA256
7744e781b1b2f3414c641ea3173d473cf2bec28290232d600ecd09f14da4cb08

SHA512
cab1939186f9dd2fb0b34eafedd9f10b40677bfa4c97b8245e0eeab4c141ff720558c8253a9fa745961507ca9e1c134b07a52592293e3c8cd4a20d4619c81522

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe

Filesize
468KB

MD5
002c7214c8df42eee8d5429eecc10501

SHA1
d73f83201638a04782c5d50d4bf8fa05c74686e6

SHA256
469b828b4fc5d5560fc29c5f839e43c5659af55b795a0a56d9efedb5d074fb46

SHA512
29a60799b30c86fa59a8b1918fc3a359550e308c41430e0c3b8a851c67df0cd903ca071ac41d2e844cc6974b029555b855b01bd89d01193955bdf99c19ef69eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62738.exe

Filesize
468KB

MD5
b7e67e67f455ac82888d6569e8ede7cc

SHA1
932effb5b0f57fa38b235d9c90a19d2d8c7141d3

SHA256
fa1d56d364a27e80a4fe4b88541d91cba1ec2bcae675fc165be66e33170aed36

SHA512
b88d0bd9ed4fa816d44aed8a4e6fd9f2ba8a1f1323e16825bee766f79ec9ac135dc01ab9ae6cad6fb01a61707bad49e78b3d16baedebd930ed4b69d485e1ef06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe

Filesize
468KB

MD5
415263b036ff879da1a335a42e933ae8

SHA1
f98d7f4d385945b75407e06d533626ac174bdec1

SHA256
db975309efe3daa960d8bb91ca4e25f3e8228bf40716e7fd899c053efb3ef908

SHA512
fa79f2c82ad36760c20a460137bdbf500b394feb90265bdf3f08feed27aec6bb19cfcd080a138a7667b4c8d9a5e2a564686a8cecbec8501ae77846e1fe2e55a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11939.exe

Filesize
468KB

MD5
b8b5bb6fb6e8d7fc8042ccbbbef9be81

SHA1
fd1956118ad08ed4726c57915169afc20767fa21

SHA256
cd0e47204c5cb9d1125d4511d8e1a31c77d345dc72033c792d4f5287a576083b

SHA512
bda0c8f98279d5e35581b39571cf2f40ae178100020cf5ac95f966f731ec87132a693be734518d7b6211cae243faaf2c3f203b6c87acd03d892292c1001b5bad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe

Filesize
468KB

MD5
fc0317c23f11a1a2e09ed6cdf88ccaa3

SHA1
db43b9d75ffe5a4b97e66542017f16d6ce98589c

SHA256
dd6ccfbbf0f07dd823dda1dcc924eef3677d8eaef9ca580fdaa9aaa26981004f

SHA512
a3faff8956bd5f23909787b59fdee3c509ef151445ac48c651916903a2ed2e6ac529ac5684e2671b7b7295a15535233dfac8dc8baaac21d5792dda265e4fd2cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe

Filesize
468KB

MD5
ecaf371a2d2b8b8dedb18879ce9ff287

SHA1
df40edb1c7927c055dc3194f2998b96e2dbf0db0

SHA256
6844d01f88610c01b1d81ff1bd234d3dbbf5f82bec6720220b4ea87c7c6da5bf

SHA512
89c34f12801068b861a86bf2c965c7395e13e4e81cfafc567c9cb57b98bfbe3fea2844f60106fa46ce514528ef97fe227e07642bc36c81e9b81ed5c12a3af5ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe

Filesize
468KB

MD5
f07b5f67581cb209d2ac1db682c3f992

SHA1
8896f89e288e836d2b9744604387ff972521c323

SHA256
43a0abcafdd804c8f8279063ae8eeefa11cf68c9cca3d6fea29a643ca8f97c06

SHA512
45510e43424b25ca95bd352019e18be4d29eabcf089869ad63ea7b33badc036c6dc1c8410792ebea6311b51aa8706005be568fc9e966015a3f6cf8c102102bf7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe

Filesize
468KB

MD5
b7c0c65b22a028f23c3eb18751892c51

SHA1
3effe5a04f807b8bd1f2c019205c7cd23d34fdbe

SHA256
7cb2250a86ffabb9128548a3286a2c7b26fb36738d766a991820629ff6d57f2a

SHA512
0847af944fca3c1cc22aebe32a11daf1daade57a9b9b6c281af44402175df2a49e618ad55981b8a5758cc3c785ec2be903505c7fe86707765ade1e76c5832f15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39450.exe

Filesize
468KB

MD5
0ca772969a062fa7d58fb355612c2d74

SHA1
45c11c2ac11fbc9b0b8467df167a69f465df0b79

SHA256
12ae174534b6d39fa8dc28c60b6adeef3596e919eaff9292647edfe99a8076f5

SHA512
ad9800daf19df7ac87af82b1da75db71d52e78d688b9cbdb9f9574e73592db4f9ad62f85808d79bee55ed9a5f68b6b6e26be2c0b6e1dd74446e36db72aef6412

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe

Filesize
468KB

MD5
21a0d2a192277671f19f09a149f2d604

SHA1
9692d59a0cfb02e811727d33a9511542822c7b1e

SHA256
625beada7410951f0bff0afd3b132b7df747fcac648165379142a98c35de8f63

SHA512
df7b9ec475c211a623e1815fa72edfbd97eca904f1817eb00a368d81f9018dd1ff794e7d89f097006305cdb7e5bf0929f0de0f96f488148163110e91fa0000de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40104.exe

Filesize
468KB

MD5
087494d59e2be626bed6bb50d29f3b3f

SHA1
296c750724e9c719082b88a9f0b37cbed2e19381

SHA256
61f2919ecab9769b9103f65d86ce778f4dce2ec9760b81db5f37b5131ba8788a

SHA512
23cd66f64460cc815fa810cd9b4dd05a419061a894f36b3c7ff7831c07713bbf166ce45ecd73935925eb15de8da84d0812ca2a1f1397f5930668319bac0182b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe

Filesize
468KB

MD5
4361251b4b0132880bb60020af29d31e

SHA1
aacd9c81c4f05c32e4f99dedf4dc7c6ce1bcc72f

SHA256
b77238a7891e690659f1e3986163549dea0d9307c39bd547d30b08d4f9d23696

SHA512
44147bc89ca2ee1a7cc4ee787235468666866a951bf75f95ac840f1731fe66542aa989b212d27b7b5ccdf2139b181c67c0b27bd7a1f0691fde83df627088a097

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe

Filesize
468KB

MD5
d2d94c5e17b250acb72224e0e5d35f1e

SHA1
9eb255319c79d1f80f91702eee5724f88612072b

SHA256
2b04e5c9bd6a34221cc5a184a191fe3dbeb278222189cf2a9741e28f7794b899

SHA512
d8fa892bc74299de5372d4036dcec39cdbee0ee7ff9344af689b5ddb4415dc43e26ca913249cf237c42108b5501756143b2ee31357184974e3d4ef340617f295

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe

Filesize
468KB

MD5
9c92f21f8b3d1716bede058c9481ddf3

SHA1
f2ff177741514484b88d13519ac3bc14244952ca

SHA256
cfb26ea7cbfb5d9c96105f8850be8851770dd6df66060a9fcb767e2b480ae35c

SHA512
0b9f083daf78cfba6e6fd765eba3b572bed3eb0f92966ed08933c47d2a680b606c8f8a5bd30348a7443f308bee1969aad5a896b72ac0676e4329b463210ec7be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe

Filesize
468KB

MD5
c51b3c6ca36ade54cc555b8758f18439

SHA1
fe083be2d0abda2200cdb9ba225f4d4bb2a94aa2

SHA256
63f6620b3b13b94de3474e1ff4779283dd6b5962c5260af0abd74241e61e445b

SHA512
9d0b044df40f82b81046882809ba4e732a9a37b3bc3ef9b75bb90e73aa7f1bf03e49d1d425fa76a11484d0146193bc93112d6c3fd28618c4e1234bb2080e19bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe

Filesize
468KB

MD5
1cc8ea6f7751416ec37ef44405232e2a

SHA1
4c0005120ad03c00be3d8ac3155338f5787793c0

SHA256
a1d418bf545fa39781274935e7502f82705947e690b0bd1ed422ad40086e8c40

SHA512
2ca31511f49a20de40c6bcaa52189310cea8096b88536886f0e58b2d6938e90a84f20bcf044121d7a8e05a80a4927e054a4480ed50db85f6ff6ffcda08f827be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8823.exe

Filesize
468KB

MD5
852dd4b891dd5a7559321ddbfe7c4f23

SHA1
74b0ad4557c7f72e534e39cdee6c2938217a4a73

SHA256
7877bd64afc3b3a27fa3c1d98c77e41b53f8075491149c82aec1fa72fc80c1c9

SHA512
9ccf1367ec4f9bd596e2a43b01d466654f6ec5c0a5e0bd037862995504e90194c74304f55afb7332f3ded3ba70f751d23c25c5bb92f57d22163738998c999530

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe

Filesize
468KB

MD5
ec66a74fbf413bb7b6468817d3e3479d

SHA1
95778f9af53fe8e0a095f1a4e16d979c2906482f

SHA256
8810feb0407ccff727d23793cce658b6bfbae53b98a0510b80de51bea98326ba

SHA512
d2883defc4b19cf98d0c524eee5dbe2537b00d0d6997165502340d922b97577aea7a4a97b648b0b3631edeb1a0a50299350d615e080883a93bee617457afaa7e

Download Submit