5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 04:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe
Size

468KB
MD5

ea18cd6647f25b2383a4c2d2bcde7770
SHA1

e8a85a08486412bfb2c7051afcc785c41cde0018
SHA256

5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8
SHA512

ca481b9d44671ff9a02a3ca4cbdccc1751229ce914aaa968dc896ab91d3ac5aa21c3004c99ea228d0f1d2a9688ed9219637a837ba3ffe004021750fe8b289f75
SSDEEP

3072:W+dSogdEIc5AHbYbofdcffkwAnIBHhnLJEH0gdSd1nmIFDGDqefe:W+UoE0AHwo1cfffJnR1nrJGDq

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1524	Unicorn-53664.exe
2328	Unicorn-43986.exe
2340	Unicorn-49694.exe
2824	Unicorn-1656.exe
2868	Unicorn-51926.exe
2736	Unicorn-32060.exe
1776	Unicorn-13123.exe
2320	Unicorn-18320.exe
1288	Unicorn-30166.exe
1884	Unicorn-1023.exe
876	Unicorn-33888.exe
2896	Unicorn-27757.exe
1936	Unicorn-19113.exe
1792	Unicorn-38714.exe
2916	Unicorn-38167.exe
2940	Unicorn-19562.exe
2536	Unicorn-54311.exe
1844	Unicorn-50206.exe
2188	Unicorn-63941.exe
3044	Unicorn-7222.exe
376	Unicorn-40014.exe
1984	Unicorn-39895.exe
1772	Unicorn-46917.exe
1916	Unicorn-55847.exe
1336	Unicorn-10408.exe
1976	Unicorn-30274.exe
3036	Unicorn-13361.exe
2448	Unicorn-26360.exe
2252	Unicorn-23759.exe
1964	Unicorn-62614.exe
1328	Unicorn-32572.exe
2028	Unicorn-19766.exe
1716	Unicorn-29587.exe
1956	Unicorn-35142.exe
1516	Unicorn-30351.exe
2268	Unicorn-17279.exe
2852	Unicorn-17545.exe
3024	Unicorn-65328.exe
2720	Unicorn-36185.exe
2772	Unicorn-35801.exe
2084	Unicorn-48800.exe
1780	Unicorn-9958.exe
1292	Unicorn-35417.exe
768	Unicorn-37036.exe
380	Unicorn-30905.exe
572	Unicorn-11186.exe
1760	Unicorn-53180.exe
2576	Unicorn-53180.exe
2840	Unicorn-13417.exe
2900	Unicorn-19548.exe
1140	Unicorn-65219.exe
1324	Unicorn-38764.exe
2996	Unicorn-18898.exe
2392	Unicorn-32633.exe
2548	Unicorn-1109.exe
2784	Unicorn-3413.exe
2148	Unicorn-33549.exe
1372	Unicorn-48852.exe
2968	Unicorn-36237.exe
1896	Unicorn-12317.exe
2460	Unicorn-63735.exe
2208	Unicorn-18064.exe
824	Unicorn-1955.exe
1960	Unicorn-36320.exe

Loads dropped DLL 64 IoCs

pid	Process
2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe
2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe
1524	Unicorn-53664.exe
2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe
2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe
1524	Unicorn-53664.exe
2328	Unicorn-43986.exe
2328	Unicorn-43986.exe
1524	Unicorn-53664.exe
1524	Unicorn-53664.exe
2340	Unicorn-49694.exe
2340	Unicorn-49694.exe
2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe
2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe
2824	Unicorn-1656.exe
2824	Unicorn-1656.exe
2328	Unicorn-43986.exe
2328	Unicorn-43986.exe
2736	Unicorn-32060.exe
2736	Unicorn-32060.exe
2868	Unicorn-51926.exe
2868	Unicorn-51926.exe
1524	Unicorn-53664.exe
1524	Unicorn-53664.exe
2340	Unicorn-49694.exe
2340	Unicorn-49694.exe
2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe
2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe
2320	Unicorn-18320.exe
2320	Unicorn-18320.exe
2824	Unicorn-1656.exe
2824	Unicorn-1656.exe
1288	Unicorn-30166.exe
1288	Unicorn-30166.exe
2328	Unicorn-43986.exe
1776	Unicorn-13123.exe
2328	Unicorn-43986.exe
1776	Unicorn-13123.exe
2896	Unicorn-27757.exe
2896	Unicorn-27757.exe
1524	Unicorn-53664.exe
1524	Unicorn-53664.exe
1792	Unicorn-38714.exe
1792	Unicorn-38714.exe
2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe
2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe
876	Unicorn-33888.exe
876	Unicorn-33888.exe
2868	Unicorn-51926.exe
2868	Unicorn-51926.exe
1884	Unicorn-1023.exe
1884	Unicorn-1023.exe
1936	Unicorn-19113.exe
1936	Unicorn-19113.exe
2736	Unicorn-32060.exe
2736	Unicorn-32060.exe
2340	Unicorn-49694.exe
2340	Unicorn-49694.exe
2916	Unicorn-38167.exe
2916	Unicorn-38167.exe
2320	Unicorn-18320.exe
2320	Unicorn-18320.exe
2940	Unicorn-19562.exe
2940	Unicorn-19562.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3676	2460	WerFault.exe	92
4636	1732	WerFault.exe	117

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56278.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-81.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-81.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-81.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16616.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe
1524	Unicorn-53664.exe
2328	Unicorn-43986.exe
2340	Unicorn-49694.exe
2824	Unicorn-1656.exe
2736	Unicorn-32060.exe
1776	Unicorn-13123.exe
2868	Unicorn-51926.exe
2320	Unicorn-18320.exe
1288	Unicorn-30166.exe
1884	Unicorn-1023.exe
2896	Unicorn-27757.exe
1936	Unicorn-19113.exe
876	Unicorn-33888.exe
1792	Unicorn-38714.exe
2916	Unicorn-38167.exe
2940	Unicorn-19562.exe
2536	Unicorn-54311.exe
1844	Unicorn-50206.exe
2188	Unicorn-63941.exe
3044	Unicorn-7222.exe
376	Unicorn-40014.exe
1984	Unicorn-39895.exe
1976	Unicorn-30274.exe
1772	Unicorn-46917.exe
3036	Unicorn-13361.exe
1916	Unicorn-55847.exe
1336	Unicorn-10408.exe
2448	Unicorn-26360.exe
2252	Unicorn-23759.exe
1964	Unicorn-62614.exe
1328	Unicorn-32572.exe
1716	Unicorn-29587.exe
1956	Unicorn-35142.exe
1516	Unicorn-30351.exe
2852	Unicorn-17545.exe
2268	Unicorn-17279.exe
3024	Unicorn-65328.exe
2720	Unicorn-36185.exe
2772	Unicorn-35801.exe
2084	Unicorn-48800.exe
1292	Unicorn-35417.exe
1780	Unicorn-9958.exe
380	Unicorn-30905.exe
768	Unicorn-37036.exe
1760	Unicorn-53180.exe
572	Unicorn-11186.exe
2576	Unicorn-53180.exe
1140	Unicorn-65219.exe
2840	Unicorn-13417.exe
2900	Unicorn-19548.exe
1324	Unicorn-38764.exe
2392	Unicorn-32633.exe
2996	Unicorn-18898.exe
2548	Unicorn-1109.exe
2784	Unicorn-3413.exe
2148	Unicorn-33549.exe
1372	Unicorn-48852.exe
2968	Unicorn-36237.exe
1896	Unicorn-12317.exe
2460	Unicorn-63735.exe
1808	Unicorn-2220.exe
2208	Unicorn-18064.exe
824	Unicorn-1955.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 1524	2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe	30
PID 2384 wrote to memory of 1524	2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe	30
PID 2384 wrote to memory of 1524	2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe	30
PID 2384 wrote to memory of 1524	2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe	30
PID 2384 wrote to memory of 2340	2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe	32
PID 2384 wrote to memory of 2340	2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe	32
PID 2384 wrote to memory of 2340	2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe	32
PID 2384 wrote to memory of 2340	2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe	32
PID 1524 wrote to memory of 2328	1524	Unicorn-53664.exe	31
PID 1524 wrote to memory of 2328	1524	Unicorn-53664.exe	31
PID 1524 wrote to memory of 2328	1524	Unicorn-53664.exe	31
PID 1524 wrote to memory of 2328	1524	Unicorn-53664.exe	31
PID 2328 wrote to memory of 2824	2328	Unicorn-43986.exe	33
PID 2328 wrote to memory of 2824	2328	Unicorn-43986.exe	33
PID 2328 wrote to memory of 2824	2328	Unicorn-43986.exe	33
PID 2328 wrote to memory of 2824	2328	Unicorn-43986.exe	33
PID 1524 wrote to memory of 2736	1524	Unicorn-53664.exe	34
PID 1524 wrote to memory of 2736	1524	Unicorn-53664.exe	34
PID 1524 wrote to memory of 2736	1524	Unicorn-53664.exe	34
PID 1524 wrote to memory of 2736	1524	Unicorn-53664.exe	34
PID 2340 wrote to memory of 2868	2340	Unicorn-49694.exe	35
PID 2340 wrote to memory of 2868	2340	Unicorn-49694.exe	35
PID 2340 wrote to memory of 2868	2340	Unicorn-49694.exe	35
PID 2340 wrote to memory of 2868	2340	Unicorn-49694.exe	35
PID 2384 wrote to memory of 1776	2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe	36
PID 2384 wrote to memory of 1776	2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe	36
PID 2384 wrote to memory of 1776	2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe	36
PID 2384 wrote to memory of 1776	2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe	36
PID 2824 wrote to memory of 2320	2824	Unicorn-1656.exe	38
PID 2824 wrote to memory of 2320	2824	Unicorn-1656.exe	38
PID 2824 wrote to memory of 2320	2824	Unicorn-1656.exe	38
PID 2824 wrote to memory of 2320	2824	Unicorn-1656.exe	38
PID 2328 wrote to memory of 1288	2328	Unicorn-43986.exe	39
PID 2328 wrote to memory of 1288	2328	Unicorn-43986.exe	39
PID 2328 wrote to memory of 1288	2328	Unicorn-43986.exe	39
PID 2328 wrote to memory of 1288	2328	Unicorn-43986.exe	39
PID 2736 wrote to memory of 1884	2736	Unicorn-32060.exe	40
PID 2736 wrote to memory of 1884	2736	Unicorn-32060.exe	40
PID 2736 wrote to memory of 1884	2736	Unicorn-32060.exe	40
PID 2736 wrote to memory of 1884	2736	Unicorn-32060.exe	40
PID 2868 wrote to memory of 876	2868	Unicorn-51926.exe	41
PID 2868 wrote to memory of 876	2868	Unicorn-51926.exe	41
PID 2868 wrote to memory of 876	2868	Unicorn-51926.exe	41
PID 2868 wrote to memory of 876	2868	Unicorn-51926.exe	41
PID 1524 wrote to memory of 2896	1524	Unicorn-53664.exe	42
PID 1524 wrote to memory of 2896	1524	Unicorn-53664.exe	42
PID 1524 wrote to memory of 2896	1524	Unicorn-53664.exe	42
PID 1524 wrote to memory of 2896	1524	Unicorn-53664.exe	42
PID 2340 wrote to memory of 1936	2340	Unicorn-49694.exe	43
PID 2340 wrote to memory of 1936	2340	Unicorn-49694.exe	43
PID 2340 wrote to memory of 1936	2340	Unicorn-49694.exe	43
PID 2340 wrote to memory of 1936	2340	Unicorn-49694.exe	43
PID 2384 wrote to memory of 1792	2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe	44
PID 2384 wrote to memory of 1792	2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe	44
PID 2384 wrote to memory of 1792	2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe	44
PID 2384 wrote to memory of 1792	2384	5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe	44
PID 2320 wrote to memory of 2916	2320	Unicorn-18320.exe	45
PID 2320 wrote to memory of 2916	2320	Unicorn-18320.exe	45
PID 2320 wrote to memory of 2916	2320	Unicorn-18320.exe	45
PID 2320 wrote to memory of 2916	2320	Unicorn-18320.exe	45
PID 2824 wrote to memory of 2940	2824	Unicorn-1656.exe	46
PID 2824 wrote to memory of 2940	2824	Unicorn-1656.exe	46
PID 2824 wrote to memory of 2940	2824	Unicorn-1656.exe	46
PID 2824 wrote to memory of 2940	2824	Unicorn-1656.exe	46

C:\Users\Admin\AppData\Local\Temp\5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe
"C:\Users\Admin\AppData\Local\Temp\5b483d51eb29ab84902db3df07ffcb7f775a274dbd1fe4385adb283fe2aae1e8N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18320.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33549.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42931.exe
        10⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
        10⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30235.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        9⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
        8⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
        9⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
        9⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46001.exe
        8⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        8⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48852.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
        8⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48078.exe
        9⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
        8⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60149.exe
        8⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59187.exe
        8⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27627.exe
        7⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        7⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
        7⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        7⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32572.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36237.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7498.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58539.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35472.exe
        8⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63171.exe
        8⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        7⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41228.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33789.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        8⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        8⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12570.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        7⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        7⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12317.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
        8⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38978.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        8⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        8⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38362.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        7⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        7⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        7⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
        6⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        7⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
        6⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        6⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
        6⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
        6⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        8⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57266.exe
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
        9⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25222.exe
        9⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22898.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        8⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        8⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
        7⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41769.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
        7⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49402.exe
        7⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
        6⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        7⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        7⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
        6⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24641.exe
        6⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        6⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        6⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        6⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        7⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        7⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe
        7⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        6⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42786.exe
        7⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
        7⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44569.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        6⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        6⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        6⤵
        
        PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1955.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18883.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57001.exe
        6⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        6⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        6⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13856.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        5⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
        5⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
        5⤵
        
        PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30166.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
        7⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        7⤵
        Program crash
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30447.exe
        6⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
        6⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        6⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30351.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        7⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        7⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        7⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        6⤵
        
        PID:620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44569.exe
        6⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48336.exe
        6⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
        6⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        6⤵
        
        PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4850.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60471.exe
        6⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60149.exe
        6⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35815.exe
        6⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        5⤵
        
        PID:288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        6⤵
        
        PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
        5⤵
        
        PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
        5⤵
        
        PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50129.exe
        6⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        7⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        7⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        7⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        7⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
        6⤵
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
        6⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        6⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        6⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        6⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
        5⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        6⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
        6⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27285.exe
        6⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16983.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exe
        5⤵
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24998.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
        5⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        5⤵
        
        PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
        5⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        6⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
        6⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30235.exe
        5⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        5⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        5⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6276.exe
        5⤵
        
        PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24369.exe
      4⤵
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54179.exe
        5⤵
        
        PID:3680
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
        5⤵
        Program crash
        
        PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45829.exe
      4⤵
      PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28369.exe
      4⤵
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
      4⤵
      PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55817.exe
      4⤵
      PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
      4⤵
      PID:6224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32060.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1023.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30274.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        6⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42542.exe
        7⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        7⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22442.exe
        7⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58263.exe
        6⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18883.exe
        7⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
        7⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        7⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
        6⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18898.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
        6⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
        7⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
        6⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56942.exe
        6⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16983.exe
        6⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe
        5⤵
        
        PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24998.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
        5⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        5⤵
        
        PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53180.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49733.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
        7⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49891.exe
        7⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16712.exe
        6⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
        6⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        6⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        6⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        6⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        5⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        6⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
        6⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        6⤵
        
        PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe
        5⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
        5⤵
        
        PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        5⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37757.exe
        6⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3033.exe
        6⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22898.exe
        5⤵
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        5⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        5⤵
        
        PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62778.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
      4⤵
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        5⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        5⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        5⤵
        
        PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
      4⤵
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
        5⤵
        
        PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
      4⤵
      PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
      4⤵
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
      4⤵
      PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
      4⤵
      PID:6464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17545.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        7⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        7⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        7⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        7⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
        6⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        6⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
        6⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
        5⤵
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
        6⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
        6⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        6⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
        5⤵
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        5⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        5⤵
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        5⤵
        
        PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65328.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        5⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        6⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        6⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        6⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        6⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54367.exe
        5⤵
        
        PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        5⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        5⤵
        
        PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
      4⤵
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4217.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58507.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        5⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        5⤵
        
        PID:7000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64128.exe
      4⤵
      PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30832.exe
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
      4⤵
      PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
      4⤵
      PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40014.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        5⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22844.exe
        6⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
        7⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16500.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
        6⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27285.exe
        6⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16983.exe
        6⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        5⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        6⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52513.exe
        6⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        6⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        6⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        6⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35098.exe
        5⤵
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53390.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        5⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55370.exe
      4⤵
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
        5⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        5⤵
        
        PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
      4⤵
      PID:600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4277.exe
      4⤵
      PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
      4⤵
      PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14306.exe
      4⤵
      PID:5488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50129.exe
      4⤵
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        5⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        5⤵
        
        PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
      4⤵
      PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
      4⤵
      PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
      4⤵
      PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
      4⤵
      PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
      4⤵
      PID:6592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
    3⤵
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
      4⤵
      PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
      4⤵
      PID:1556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
    3⤵
    PID:1224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe
    3⤵
    PID:3376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
    3⤵
    PID:4972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
    3⤵
    PID:5876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe
    3⤵
    PID:6364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32962.exe
        7⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
        8⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        7⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        7⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        6⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54179.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        7⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36634.exe
        6⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20717.exe
        6⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        6⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
        6⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        7⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        7⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        6⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        6⤵
        
        PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
        5⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35704.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        6⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        6⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        6⤵
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        5⤵
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
        5⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
        6⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20049.exe
        7⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        7⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        7⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22898.exe
        6⤵
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        6⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        6⤵
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46698.exe
        5⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48393.exe
        6⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4580.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        5⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
        5⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14306.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32633.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29047.exe
        5⤵
        
        PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        5⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        5⤵
        
        PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
      4⤵
      PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51634.exe
      4⤵
      PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
      4⤵
      PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52014.exe
      4⤵
      PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25448.exe
      4⤵
      PID:7024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41904.exe
        6⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42542.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        7⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44528.exe
        6⤵
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        6⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        6⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        6⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        6⤵
        
        PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6361.exe
        5⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        6⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
        6⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        6⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58263.exe
        5⤵
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39498.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        5⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
        5⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
        5⤵
        
        PID:7080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50129.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51674.exe
        6⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
        6⤵
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        5⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
        5⤵
        
        PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
      4⤵
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
        5⤵
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13187.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        5⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        5⤵
        
        PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
      4⤵
      PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
      4⤵
      PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
      4⤵
      PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
      4⤵
      PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
      4⤵
      PID:6848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23759.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
      4⤵
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42542.exe
        5⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        5⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
        5⤵
        
        PID:6392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
      4⤵
      PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
      4⤵
      PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14306.exe
      4⤵
      PID:5244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3413.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
      4⤵
      PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
      4⤵
      PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
      4⤵
      PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
      4⤵
      PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6558.exe
      4⤵
      PID:6836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
    3⤵
    PID:2160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33378.exe
    3⤵
    PID:4048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
    3⤵
    PID:5004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
    3⤵
    PID:5644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
    3⤵
    PID:6484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50206.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6950.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        6⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        6⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        6⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        5⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-448.exe
        5⤵
        
        PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19210.exe
      4⤵
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        5⤵
        
        PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        5⤵
        
        PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15772.exe
      4⤵
      PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
      4⤵
      PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
      4⤵
      PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
      4⤵
      PID:6260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30905.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
      4⤵
      PID:484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42542.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21419.exe
        5⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
        5⤵
        
        PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
      4⤵
      PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
      4⤵
      PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
      4⤵
      PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18462.exe
      4⤵
      PID:6728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
    3⤵
    PID:604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
      4⤵
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
      4⤵
      PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
      4⤵
      PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
      4⤵
      PID:7136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
    3⤵
    PID:2308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11303.exe
    3⤵
    PID:3284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
    3⤵
    PID:5612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
    3⤵
    PID:6420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38714.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38714.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53180.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
        6⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40548.exe
        6⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
        6⤵
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
        5⤵
        
        PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        5⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
        5⤵
        
        PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        5⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
      4⤵
      PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
      4⤵
      PID:6528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65219.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
      4⤵
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
        5⤵
        
        PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
      4⤵
      PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
      4⤵
      PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
      4⤵
      PID:6456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe
    3⤵
    PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13207.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40548.exe
      4⤵
      PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
      4⤵
      PID:6324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4585.exe
    3⤵
    PID:3480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
    3⤵
    PID:3568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
    3⤵
    PID:5404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
    3⤵
    PID:6856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46917.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46917.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37036.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
      4⤵
      PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16500.exe
      4⤵
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60149.exe
      4⤵
      PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
      4⤵
      PID:6480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
    3⤵
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65265.exe
      4⤵
      PID:6716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
    3⤵
    PID:3976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
    3⤵
    PID:4444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
    3⤵
    PID:5984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
    3⤵
    PID:7064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
    3⤵
    PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
    3⤵
    PID:4752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
    3⤵
    PID:5652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
    3⤵
    PID:7104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
  2⤵
  PID:2944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
  2⤵
  PID:3496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
  2⤵
  PID:5564
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe
  2⤵
  PID:6208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1023.exe

Filesize
468KB

MD5
ca8fb230e251a08df610891c07d8b63c

SHA1
de15f5264ed050241399eec99b0d77354ef53ea3

SHA256
b50fad3c08f302ceb7a10ed7af5bca95e7ca6271f251347488a4f9b713b27df3

SHA512
682d80ae3958a716e6f8ac4164b1ce9b8cf5629b1db7175f1ad3e3b15e00218a06716dba2d54eb3cc2e11254413045ac2bf8da95cf2ed480249d7fb205c920a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18320.exe

Filesize
468KB

MD5
d1e15ef622288f76b1403ef8f1b225f4

SHA1
ef7cf264290d9ecf2e7cc33a58051a09b72ba5cb

SHA256
beca71bf8e247820263b0d28a527ffd8bd941a40789851e7931c06bca696ba9b

SHA512
b6a8693414a8d55e39d4881830f0bef82e5ba4f374f0497e2c2963325b475ff81d4c6f5ffe09767aef97fa37d7acd84b13d2f25b575bacc7d4c7a9dcc1bdd973

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe

Filesize
468KB

MD5
9d09cd9f67c29fa8765700de97c040d2

SHA1
2079b7fb41331396459ab18a52e2a8721024e953

SHA256
a76ab1e5e1e116cce45ef40ab94e3c93e095ae530bbb385055f2063e8e69ab69

SHA512
7157be3974ff5969db118dffbd3fac325d893674ce035d672f46a5cfc6a01fc01c9440a62634626afc9a8c037d4e88bde32d3e3f28406789385bd562c37f0ed8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32060.exe

Filesize
468KB

MD5
5e576532fc355f58e712391450567a18

SHA1
3e0e7113198ca9162650b1784c4eada247a0c976

SHA256
a212d93243a33f391b9f6f4d39d339340857d6bfa72ad6109dc068cd02b823c3

SHA512
c6623f443dedf95f900e9a3c9f724d4759d70b7acb94d17a073ae4355ab590934618049eecbb851bba64dd5934e20125b736ca1cff45b337e1f45732e840bf69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe

Filesize
468KB

MD5
794b2da804f32e72340bc03a0c99cc92

SHA1
3efa6c51b294b2addca993f2db4995cd35723af3

SHA256
62a97fb46c20df51945b027443d2d84317c7842e43da36a72ec98767ab287884

SHA512
4f3e5f93f065538334c166d010a325317ae1ffb88db13dd418692ff6a2d662f65fa7d9d986296c805b90a2939b9e1622e70d17a585e473877e9a7ef8cbb026eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe

Filesize
468KB

MD5
20a107ef8dd9383c5f87da8a9c006c10

SHA1
ec5d15aa886044c7bcb532fe161a210a1ae38e2d

SHA256
0ee67f9a6e4023e9954703b4f00dfc32eb21fe88c7f82a9ec7d711a2253ad4a4

SHA512
8e7c11f6ec225141921835d91afbf9a17dee64b1f5c679618406783e1914a0462e03cd5173bb3091199c96cd3d6dbba8793f84d625122996e1d4f813ece4b440

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe

Filesize
468KB

MD5
ff1b6477a144679343d9a253af468252

SHA1
518a1321764f9e32ca291585ae5b6c6a56afa4d5

SHA256
1824e578c47edf1e8d1028e4160d645251d68f6f5c03d09bc8af952ba306a793

SHA512
353ec1d003cc8e4c36f1ccaefb198a582eec22063c6dc05641b905e5389cced8de26e94785ac02b56fce40202f2e6b1a01f4f125cb436d485ccb74b440027f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe

Filesize
468KB

MD5
bd35809546c31a8b0f17bed52f0b956b

SHA1
80d0344d1fda939596efbe6f35ce274790212261

SHA256
5ed97b64c15d871000eaa604b2bed95f2a601dd1d6046e5f2df91f81a17b5b6e

SHA512
5201606db6a23f0fd05b5e8e88913fcbd9e0d7a377d343d2d87483bc11cb471ba05e068a875b217fa34a16f9067d2d9a5fafccc79f5bdc3fd3f13c4e31b27085

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe

Filesize
468KB

MD5
073d124979a6552503d271a8e34af356

SHA1
4d61b477895575a6b0776151a84a57bc75293f54

SHA256
46ea3bf541e3433331ed13e6e938e5db1e96efdabda87798d2cdf6d2503de9e3

SHA512
57e2beba5fce2a753897c28882bd4cc39fbd6595d477fc7071a7672d455dd303e2ef4e2c9cd388135e7da00f944cbb5e3fb071430b683ecd9ffc62fcedf2a4ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe

Filesize
468KB

MD5
cb3c0cda2c50830808b03ef43ea2addd

SHA1
9463f60463ea55b30e6d69d16aa242e569d9a0d0

SHA256
6d447c338e3d20d13905613c024c7c0d977d13eef07f5dbefb95dec151dcc29b

SHA512
a52185869ffb1de83ca6139f778f81ab39ea45413114182ebb93f0c68907eaf4d9bfb7d4dcc8f98b00881b2fc6a92fa8fb8488e41b78c9816938956202507a36

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe

Filesize
468KB

MD5
bcd5bb1a43d7563710a06e63fb4536e1

SHA1
d69fb9fe14f0bac54efe95f04e2291f719d5250d

SHA256
5a2401308053fbf56bb4e47b00304098f4adaef3fd5874b913d6ac85623bee4b

SHA512
260851ac09b76e2b1c367bf9b344bd46e6a7fb0c6648d7b645e0d62ba4ac3f55e28a73f2837118078f36b282b5578772f2288ae5c04ae0364c597677d22f8faf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe

Filesize
468KB

MD5
666238c8a628a20b4ea0aba33093b1ec

SHA1
cf0a3c952eff13b6abcb62c761fe4f7e6b9b5242

SHA256
f5a5ad7f1777f5f6930973830aa2ef55731f287aad103c8de042222a8d11af14

SHA512
ddbfd996ea64fcc417e8a50b234e19ddfa4bba3e228161910b09c34cdea7b9acb0bff824309563f729b25f71c14b1065e0e0876e0700f29d87261cdb4e491e9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30166.exe

Filesize
468KB

MD5
a94511c63eb02829d9e953c2da39ca14

SHA1
6719285c58148b10b14140409e00f76664c45a0b

SHA256
775a5f66b6a229cdc5a8d97598f58352c86b1d67580f10060a2f3b5d72cdaa6a

SHA512
186680f55e038efde844ccde82f490607056c8f9df4e44177f79f7c1c742706ef7eb51bc2ac14b886d7670943ff790e29800e277d0a42e9cf68d023b3c36fc0b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe

Filesize
468KB

MD5
5926c649a62f338840f5a6601016ddba

SHA1
8eeb684ddd2449a860d47fae96891bf457dd21e9

SHA256
ab0f73acddf6dd7b88f0edd89edfca0b8b1f89575f847e12a85d6b3e5b512fa2

SHA512
73026fd1beacf740f8771316a1b2eb77032dcff780ff5eaa8d032ab976db98d556db2c88a4ce031b20350695995b070830836e7df6b9c756d4eaa7a5aa9c5d73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38714.exe

Filesize
468KB

MD5
d153ea4a3ba1a579d819bbbf27a0947a

SHA1
d17e4728ead81fc53cfc51185cc270b0a3fe0ec6

SHA256
f80d5985f2e7810f6f1d5bb2155f0d0e119412c03b05bd034935ec621ed1a9cb

SHA512
edc12a12dbb174b98dd9784993708c74edc8572b44c4d8d5c4e9189cbabe2dd379c3b935005c4681442047286ab6d6408e3c109e71e78a8eb20171e48f22950a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe

Filesize
468KB

MD5
3a2e52ca1685f5ebad4bb20d8e582315

SHA1
9ec63105de696665c68f6defd3defd6debc365f6

SHA256
a35f9508c6cc2d81b9e75642895b49632ea7737601a8f75ef6c1a2ae7917ec73

SHA512
afd01f78029a076d1f83cd204fee47ebd2daea7c2544070d6cb969fa3c769149114a66ee678dd8a9cdf9ba059e82c9d6804260cb3613605d2caeaff1b80c5355

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50206.exe

Filesize
468KB

MD5
056a9df33879a24651081f944129cc9c

SHA1
346564794770683125c150ed2185dd91c1dc9025

SHA256
727d664817910f51b94d263998f72aa29c142a2dd98eb8d82477c8488fef1b54

SHA512
f359ad4220b963e149942312bad2b4ce915a964186acecd0bcc2eaa03ba9ab7116aa506e6cefb3caabe8b70d1848a836fb0d4b1526dfb5a3fd779b8cf7187755

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe

Filesize
468KB

MD5
c359936200c7c41db9e7d5712ff40b30

SHA1
363d856e4ddc4d170c10a90fc475f5bce89e2d52

SHA256
f29a00e391b2275f95de04a0bc08c372d77e8811c0ecb74a2030aabe64fab804

SHA512
cf73d55dc3e3dbca5de46ac24584dd39d884791576ee4a5ab41cee228cb058ecc5b523d74265b658b7ca55ee1bda386968d9bbffb8603a4d8da39e6734bdeb66

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe

Filesize
468KB

MD5
f25027a62e4961949859b25792298fb4

SHA1
cef5b5456e07e02fe3e679e4232d771c66612e12

SHA256
8314a80d9449f5da70f3a6e4b2b31aea13e511b042c6b001e7b445377eb8ae2e

SHA512
7d62b1cb51c59b59d1db08c90ae93b22c6d5ff5a50738e1177b81936834b69ac8b8495be86ec5201a3720b0ffa33f3ce65666120d60804a140105f8336aa8c5d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe

Filesize
468KB

MD5
1f62f2662d41d30f50ffe5ae9a2c5f5d

SHA1
5e11913aff93373ccbc7b84fddc559e46b0fde79

SHA256
4e6203483576ea163bc86af32baebf7cdfab366f9436c540183b0aeba724f845

SHA512
a680d988d46b436a0973efeec9da9be671ea3c670de0cfee425ee62626cb0c6fc48a0c02fdc193e4f3284f7da97fe6069dabf2d66d71d32fbb7844fe8fdd3328

Download Submit