aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297c

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe
Size

468KB
MD5

819f8a2a67bd85f3b5f7086d02163ea0
SHA1

e7cce57acc3f45bc9a019b9e8f750354454e66e5
SHA256

aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297c
SHA512

59df600d10ae0c5cb8e1dfa9a9186fba655924e191bf1af555775d323c0b321df23085a6582f182ebf413ebd050048e1bba944a293a7c23946d33a390ef0423e
SSDEEP

3072:1huUogIuIw5UqbYXHzcjrf8/EoOC3lSC6FH0tVPpwatk5bBzOsef:1hJo3gUq4H4jrfkE+hwaC5BzO

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2880	Unicorn-12911.exe
2756	Unicorn-32943.exe
2884	Unicorn-36621.exe
2588	Unicorn-55065.exe
1940	Unicorn-2143.exe
576	Unicorn-46513.exe
1412	Unicorn-32214.exe
2376	Unicorn-25512.exe
1864	Unicorn-30342.exe
2928	Unicorn-34448.exe
2972	Unicorn-1391.exe
2960	Unicorn-60798.exe
2912	Unicorn-22558.exe
3032	Unicorn-42424.exe
784	Unicorn-11406.exe
2304	Unicorn-36882.exe
1956	Unicorn-41712.exe
2432	Unicorn-61578.exe
2444	Unicorn-38728.exe
952	Unicorn-48423.exe
2300	Unicorn-36725.exe
2464	Unicorn-15751.exe
2344	Unicorn-58437.exe
2080	Unicorn-56399.exe
1288	Unicorn-55637.exe
1696	Unicorn-56399.exe
992	Unicorn-63607.exe
1664	Unicorn-35573.exe
2096	Unicorn-63342.exe
980	Unicorn-2901.exe
1888	Unicorn-32409.exe
1752	Unicorn-28687.exe
1680	Unicorn-34329.exe
2036	Unicorn-46944.exe
2232	Unicorn-1272.exe
2276	Unicorn-25777.exe
2268	Unicorn-1583.exe
2740	Unicorn-20222.exe
2796	Unicorn-39351.exe
2748	Unicorn-59217.exe
2652	Unicorn-47328.exe
484	Unicorn-51926.exe
1404	Unicorn-62512.exe
964	Unicorn-16841.exe
2372	Unicorn-45220.exe
2360	Unicorn-51350.exe
2828	Unicorn-36668.exe
1640	Unicorn-42798.exe
2764	Unicorn-3108.exe
2868	Unicorn-28574.exe
1568	Unicorn-44453.exe
1580	Unicorn-44718.exe
1160	Unicorn-3691.exe
848	Unicorn-58293.exe
2768	Unicorn-12621.exe
2508	Unicorn-49933.exe
2256	Unicorn-4261.exe
2428	Unicorn-4261.exe
2164	Unicorn-40612.exe
1016	Unicorn-54348.exe
1508	Unicorn-63991.exe
2500	Unicorn-58126.exe
1660	Unicorn-44391.exe
916	Unicorn-64256.exe

Loads dropped DLL 64 IoCs

pid	Process
2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe
2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe
2880	Unicorn-12911.exe
2880	Unicorn-12911.exe
2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe
2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe
2756	Unicorn-32943.exe
2756	Unicorn-32943.exe
2880	Unicorn-12911.exe
2880	Unicorn-12911.exe
2884	Unicorn-36621.exe
2884	Unicorn-36621.exe
2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe
2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe
2588	Unicorn-55065.exe
2588	Unicorn-55065.exe
2756	Unicorn-32943.exe
2756	Unicorn-32943.exe
1940	Unicorn-2143.exe
1940	Unicorn-2143.exe
576	Unicorn-46513.exe
2880	Unicorn-12911.exe
2880	Unicorn-12911.exe
576	Unicorn-46513.exe
2884	Unicorn-36621.exe
2884	Unicorn-36621.exe
1412	Unicorn-32214.exe
2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe
1412	Unicorn-32214.exe
2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe
2376	Unicorn-25512.exe
2376	Unicorn-25512.exe
2588	Unicorn-55065.exe
2588	Unicorn-55065.exe
1864	Unicorn-30342.exe
1864	Unicorn-30342.exe
2756	Unicorn-32943.exe
2756	Unicorn-32943.exe
3032	Unicorn-42424.exe
3032	Unicorn-42424.exe
1412	Unicorn-32214.exe
1412	Unicorn-32214.exe
784	Unicorn-11406.exe
784	Unicorn-11406.exe
2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe
2884	Unicorn-36621.exe
2884	Unicorn-36621.exe
2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe
2928	Unicorn-34448.exe
2928	Unicorn-34448.exe
2960	Unicorn-60798.exe
2960	Unicorn-60798.exe
2972	Unicorn-1391.exe
2880	Unicorn-12911.exe
1940	Unicorn-2143.exe
2972	Unicorn-1391.exe
1940	Unicorn-2143.exe
2880	Unicorn-12911.exe
576	Unicorn-46513.exe
576	Unicorn-46513.exe
2304	Unicorn-36882.exe
2304	Unicorn-36882.exe
2376	Unicorn-25512.exe
2376	Unicorn-25512.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2320	2868	WerFault.exe	79
3776	2832	WerFault.exe	138

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18549.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26902.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47778.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe
2880	Unicorn-12911.exe
2756	Unicorn-32943.exe
2884	Unicorn-36621.exe
2588	Unicorn-55065.exe
1940	Unicorn-2143.exe
576	Unicorn-46513.exe
1412	Unicorn-32214.exe
2376	Unicorn-25512.exe
1864	Unicorn-30342.exe
2972	Unicorn-1391.exe
2928	Unicorn-34448.exe
3032	Unicorn-42424.exe
784	Unicorn-11406.exe
2912	Unicorn-22558.exe
2960	Unicorn-60798.exe
2304	Unicorn-36882.exe
1956	Unicorn-41712.exe
2432	Unicorn-61578.exe
2444	Unicorn-38728.exe
952	Unicorn-48423.exe
2300	Unicorn-36725.exe
2464	Unicorn-15751.exe
2344	Unicorn-58437.exe
1288	Unicorn-55637.exe
1696	Unicorn-56399.exe
1664	Unicorn-35573.exe
2080	Unicorn-56399.exe
992	Unicorn-63607.exe
2096	Unicorn-63342.exe
980	Unicorn-2901.exe
1888	Unicorn-32409.exe
1752	Unicorn-28687.exe
1680	Unicorn-34329.exe
2232	Unicorn-1272.exe
2276	Unicorn-25777.exe
2036	Unicorn-46944.exe
2740	Unicorn-20222.exe
2268	Unicorn-1583.exe
2796	Unicorn-39351.exe
2748	Unicorn-59217.exe
2652	Unicorn-47328.exe
484	Unicorn-51926.exe
1404	Unicorn-62512.exe
964	Unicorn-16841.exe
2360	Unicorn-51350.exe
2372	Unicorn-45220.exe
2828	Unicorn-36668.exe
1640	Unicorn-42798.exe
2764	Unicorn-3108.exe
2868	Unicorn-28574.exe
1568	Unicorn-44453.exe
1580	Unicorn-44718.exe
848	Unicorn-58293.exe
1160	Unicorn-3691.exe
2768	Unicorn-12621.exe
2256	Unicorn-4261.exe
2508	Unicorn-49933.exe
2428	Unicorn-4261.exe
1016	Unicorn-54348.exe
2164	Unicorn-40612.exe
936	Unicorn-64256.exe
2500	Unicorn-58126.exe
916	Unicorn-64256.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2880	2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe	30
PID 2792 wrote to memory of 2880	2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe	30
PID 2792 wrote to memory of 2880	2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe	30
PID 2792 wrote to memory of 2880	2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe	30
PID 2880 wrote to memory of 2756	2880	Unicorn-12911.exe	31
PID 2880 wrote to memory of 2756	2880	Unicorn-12911.exe	31
PID 2880 wrote to memory of 2756	2880	Unicorn-12911.exe	31
PID 2880 wrote to memory of 2756	2880	Unicorn-12911.exe	31
PID 2792 wrote to memory of 2884	2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe	32
PID 2792 wrote to memory of 2884	2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe	32
PID 2792 wrote to memory of 2884	2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe	32
PID 2792 wrote to memory of 2884	2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe	32
PID 2756 wrote to memory of 2588	2756	Unicorn-32943.exe	33
PID 2756 wrote to memory of 2588	2756	Unicorn-32943.exe	33
PID 2756 wrote to memory of 2588	2756	Unicorn-32943.exe	33
PID 2756 wrote to memory of 2588	2756	Unicorn-32943.exe	33
PID 2880 wrote to memory of 1940	2880	Unicorn-12911.exe	34
PID 2880 wrote to memory of 1940	2880	Unicorn-12911.exe	34
PID 2880 wrote to memory of 1940	2880	Unicorn-12911.exe	34
PID 2880 wrote to memory of 1940	2880	Unicorn-12911.exe	34
PID 2884 wrote to memory of 576	2884	Unicorn-36621.exe	35
PID 2884 wrote to memory of 576	2884	Unicorn-36621.exe	35
PID 2884 wrote to memory of 576	2884	Unicorn-36621.exe	35
PID 2884 wrote to memory of 576	2884	Unicorn-36621.exe	35
PID 2792 wrote to memory of 1412	2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe	36
PID 2792 wrote to memory of 1412	2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe	36
PID 2792 wrote to memory of 1412	2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe	36
PID 2792 wrote to memory of 1412	2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe	36
PID 2588 wrote to memory of 2376	2588	Unicorn-55065.exe	37
PID 2588 wrote to memory of 2376	2588	Unicorn-55065.exe	37
PID 2588 wrote to memory of 2376	2588	Unicorn-55065.exe	37
PID 2588 wrote to memory of 2376	2588	Unicorn-55065.exe	37
PID 2756 wrote to memory of 1864	2756	Unicorn-32943.exe	38
PID 2756 wrote to memory of 1864	2756	Unicorn-32943.exe	38
PID 2756 wrote to memory of 1864	2756	Unicorn-32943.exe	38
PID 2756 wrote to memory of 1864	2756	Unicorn-32943.exe	38
PID 1940 wrote to memory of 2928	1940	Unicorn-2143.exe	39
PID 1940 wrote to memory of 2928	1940	Unicorn-2143.exe	39
PID 1940 wrote to memory of 2928	1940	Unicorn-2143.exe	39
PID 1940 wrote to memory of 2928	1940	Unicorn-2143.exe	39
PID 2880 wrote to memory of 2960	2880	Unicorn-12911.exe	41
PID 2880 wrote to memory of 2960	2880	Unicorn-12911.exe	41
PID 2880 wrote to memory of 2960	2880	Unicorn-12911.exe	41
PID 2880 wrote to memory of 2960	2880	Unicorn-12911.exe	41
PID 576 wrote to memory of 2972	576	Unicorn-46513.exe	40
PID 576 wrote to memory of 2972	576	Unicorn-46513.exe	40
PID 576 wrote to memory of 2972	576	Unicorn-46513.exe	40
PID 576 wrote to memory of 2972	576	Unicorn-46513.exe	40
PID 2884 wrote to memory of 2912	2884	Unicorn-36621.exe	42
PID 2884 wrote to memory of 2912	2884	Unicorn-36621.exe	42
PID 2884 wrote to memory of 2912	2884	Unicorn-36621.exe	42
PID 2884 wrote to memory of 2912	2884	Unicorn-36621.exe	42
PID 1412 wrote to memory of 3032	1412	Unicorn-32214.exe	43
PID 1412 wrote to memory of 3032	1412	Unicorn-32214.exe	43
PID 1412 wrote to memory of 3032	1412	Unicorn-32214.exe	43
PID 1412 wrote to memory of 3032	1412	Unicorn-32214.exe	43
PID 2792 wrote to memory of 784	2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe	44
PID 2792 wrote to memory of 784	2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe	44
PID 2792 wrote to memory of 784	2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe	44
PID 2792 wrote to memory of 784	2792	aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe	44
PID 2376 wrote to memory of 2304	2376	Unicorn-25512.exe	45
PID 2376 wrote to memory of 2304	2376	Unicorn-25512.exe	45
PID 2376 wrote to memory of 2304	2376	Unicorn-25512.exe	45
PID 2376 wrote to memory of 2304	2376	Unicorn-25512.exe	45

C:\Users\Admin\AppData\Local\Temp\aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe
"C:\Users\Admin\AppData\Local\Temp\aba888b57f187edfa3966b5698c347299c735217d54f6be4fa5dd399c0b1297cN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55065.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36882.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35812.exe
        8⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
        9⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        9⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        9⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        9⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32718.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
        8⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
        8⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15654.exe
        8⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
        7⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37264.exe
        8⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
        8⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10225.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47388.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
        7⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe
        7⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        7⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe
        8⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61244.exe
        9⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        9⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        9⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        8⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        8⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        8⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        8⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        8⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        8⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
        7⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
        7⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58126.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
        8⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        8⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        8⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        8⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        7⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        7⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        6⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58255.exe
        7⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        7⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        7⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe
        6⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35246.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        7⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
        7⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        6⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        7⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
        7⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
        6⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54566.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        7⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
        6⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        6⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        6⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14448.exe
        7⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18023.exe
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36074.exe
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28374.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        7⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33795.exe
        7⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
        7⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61155.exe
        7⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42110.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
        6⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1373.exe
        6⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63991.exe
        5⤵
        Executes dropped EXE
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35246.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        7⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64581.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        6⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe
        6⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65191.exe
        5⤵
        
        PID:2832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 220
        6⤵
        Program crash
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        5⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
        5⤵
        
        PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30342.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47505.exe
        8⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
        9⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        8⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35246.exe
        8⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        8⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52626.exe
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37476.exe
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47778.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe
        6⤵
        Executes dropped EXE
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12075.exe
        8⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
        8⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56246.exe
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        7⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        7⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        6⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        6⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33290.exe
        6⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
        6⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41483.exe
        7⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11317.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
        8⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
        7⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        7⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        7⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25583.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        7⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        7⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
        6⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        6⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        6⤵
        
        PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3170.exe
        5⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17555.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
        7⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42510.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        6⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        6⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
        5⤵
        
        PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
        5⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        5⤵
        
        PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        6⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61706.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        7⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        6⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        6⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        5⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
        6⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        6⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
        5⤵
        
        PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26902.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4878.exe
        5⤵
        
        PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        5⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
        6⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31155.exe
        7⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        7⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48245.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        6⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe
        6⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        5⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21497.exe
        6⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        5⤵
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49826.exe
        5⤵
        
        PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63411.exe
      4⤵
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31361.exe
        5⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        6⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        5⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        5⤵
        
        PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
      4⤵
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36861.exe
        5⤵
        
        PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59710.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
      4⤵
      PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
      4⤵
      PID:5724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2143.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56399.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44718.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        7⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        7⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
        6⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29676.exe
        7⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
        6⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        6⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
        7⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        7⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        7⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28374.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        6⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
        6⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41375.exe
        5⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31436.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31931.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
        5⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8594.exe
        5⤵
        
        PID:5832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35573.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23611.exe
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31155.exe
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        7⤵
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        6⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        6⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        6⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        6⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        5⤵
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        6⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
        6⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3054.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe
        5⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
        5⤵
        
        PID:5884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
        5⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3875.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        6⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        6⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        6⤵
        
        PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        5⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        5⤵
        
        PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15124.exe
        5⤵
        
        PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe
      4⤵
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe
      4⤵
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
      4⤵
      PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
      4⤵
      PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
      4⤵
      PID:6976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56399.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4261.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
        6⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35246.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        7⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
        7⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33795.exe
        6⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        5⤵
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33567.exe
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29115.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
        5⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
        5⤵
        
        PID:6456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
        5⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
        5⤵
        
        PID:6236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24579.exe
      4⤵
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
        5⤵
        
        PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34981.exe
      4⤵
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
      4⤵
      PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
      4⤵
      PID:6416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
      4⤵
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        5⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        5⤵
        
        PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
      4⤵
      PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
      4⤵
      PID:976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
      4⤵
      PID:6780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32163.exe
      4⤵
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
        5⤵
        
        PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
      4⤵
      PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
      4⤵
      PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
      4⤵
      PID:6808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
    3⤵
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45370.exe
      4⤵
      PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
      4⤵
      PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
      4⤵
      PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
      4⤵
      PID:6616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55802.exe
    3⤵
    PID:796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
    3⤵
    PID:4304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
    3⤵
    PID:5740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12621.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        7⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        7⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        7⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10683.exe
        6⤵
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        6⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
        6⤵
        
        PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        6⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20122.exe
        7⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61203.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6553.exe
        6⤵
        
        PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24579.exe
        5⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
        6⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
        6⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        5⤵
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        5⤵
        
        PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4261.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40942.exe
        6⤵
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        6⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        6⤵
        
        PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        5⤵
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        6⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        6⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        6⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        6⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57164.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
        5⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55370.exe
        5⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        5⤵
        
        PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48221.exe
        5⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        6⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        7⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        6⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33795.exe
        6⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28140.exe
        5⤵
        
        PID:284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
        6⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        5⤵
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
        5⤵
        
        PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
      4⤵
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        5⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-331.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
        5⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        5⤵
        
        PID:6968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
      4⤵
      PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
        5⤵
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        5⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        5⤵
        
        PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6173.exe
      4⤵
      PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
      4⤵
      PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
      4⤵
      PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
      4⤵
      PID:7000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22558.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39351.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
        7⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        6⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
        6⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        5⤵
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        6⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        6⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
        6⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45644.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        5⤵
        
        PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        5⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        5⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        5⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-617.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
      4⤵
      PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15443.exe
      4⤵
      PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
      4⤵
      PID:6960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58437.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28574.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 188
        5⤵
        Program crash
        
        PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18659.exe
      4⤵
      PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        5⤵
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        5⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        5⤵
        
        PID:7120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20542.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
      4⤵
      PID:5872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44453.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
      4⤵
      PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
      4⤵
      PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
      4⤵
      PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe
      4⤵
      PID:6004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17368.exe
    3⤵
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
      4⤵
      PID:5772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
    3⤵
    PID:3992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
    3⤵
    PID:5092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28249.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59217.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        6⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61052.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        7⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20542.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10811.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        6⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27779.exe
        5⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28071.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        7⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        7⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35571.exe
        6⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58147.exe
        7⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
        7⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        6⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        6⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
        6⤵
        
        PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55490.exe
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        6⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        6⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        6⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        6⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
        5⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
        5⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
        5⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe
        5⤵
        
        PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47328.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        5⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        6⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        6⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        6⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-331.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        5⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        5⤵
        
        PID:7032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
      4⤵
      PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56667.exe
        5⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        6⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        6⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2889.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        5⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
        5⤵
        
        PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
      4⤵
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        5⤵
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9780.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
      4⤵
      PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
      4⤵
      PID:6420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6280.exe
        5⤵
        
        PID:236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        6⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        6⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        6⤵
        
        PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22486.exe
        5⤵
        
        PID:6768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20525.exe
        5⤵
        
        PID:6204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
      4⤵
      PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55370.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64126.exe
      4⤵
      PID:6740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40942.exe
      4⤵
      PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
      4⤵
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
      4⤵
      PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
      4⤵
      PID:6796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
    3⤵
    PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
      4⤵
      PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32897.exe
      4⤵
      PID:5888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
    3⤵
    PID:4060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10811.exe
    3⤵
    PID:5116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
    3⤵
    PID:6480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15751.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14448.exe
        5⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        6⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28374.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        5⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33795.exe
        5⤵
        
        PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
      4⤵
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7469.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12779.exe
      4⤵
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
      4⤵
      PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
      4⤵
      PID:5868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
      4⤵
      PID:620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40942.exe
        5⤵
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        5⤵
        
        PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        5⤵
        
        PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
      4⤵
      PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
      4⤵
      PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5394.exe
      4⤵
      PID:5992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
    3⤵
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
      4⤵
      PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
      4⤵
      PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
      4⤵
      PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48979.exe
      4⤵
      PID:6540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
    3⤵
    PID:2844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
    3⤵
    PID:4264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15443.exe
    3⤵
    PID:5384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
    3⤵
    PID:6988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42798.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
      4⤵
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20122.exe
        5⤵
        
        PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
      4⤵
      PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
      4⤵
      PID:6928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
    3⤵
    PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33528.exe
      4⤵
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32897.exe
      4⤵
      PID:5896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
    3⤵
    PID:4576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
    3⤵
    PID:5744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3108.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3108.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
    3⤵
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
      4⤵
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34452.exe
      4⤵
      PID:6940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61203.exe
    3⤵
    PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
    3⤵
    PID:5904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1562.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1562.exe
  2⤵
  PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
    3⤵
    PID:3360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
    3⤵
    PID:7088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5315.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5315.exe
  2⤵
  PID:3132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52194.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52194.exe
  2⤵
  PID:5828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe

Filesize
468KB

MD5
153f58199f9eff5b5620eac7ae8148eb

SHA1
a8914e51f437b81682fb07154efca2059f0c4aab

SHA256
3c9b29b948ff6af2180033f2c5dfdb7e81804364184516c09c198d381b78c4ba

SHA512
4ca06df207168f43fc61f7c5d5667c88c0401fa41430d3a77a201ca4634663cb1b6f49311ee07c45cf6966579199525fc10ffa8972f79319c115673aed6d9b1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30342.exe

Filesize
468KB

MD5
cdc33ea5379e8c365be4a738116e177b

SHA1
6a223963c0fefcb73cc1e124068022f44b03e5aa

SHA256
21eead1688d8a74b01ef7f2d4f5e1f07933151534a2afb775c43da5a59b34f13

SHA512
f6836467a41c175ec2c859d51a3c188375a6611bb38332a5fcac0795898ca1ce46e6700fcb7ea3d522cba5b3e36deafde078f47c3287e09c774358d7204a2500

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe

Filesize
468KB

MD5
a55797792c43f9010fbbab8ddc70686e

SHA1
0d71bf34664e2d2944ea9e72045a3e4ec1bb9eb5

SHA256
1301ffe294569dac0eb0de4f618645ce701249c749bf1fb078b12101009a2406

SHA512
1ac6f88268add96790bcc556034b98868b8821a379d9bc54f2f25cea2d765e5a724065ca4a5ce02374762ad2204931d8e2e34df1384f2c3fc30d6a65fc0eff9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe

Filesize
468KB

MD5
500bc6d9d501ad2f4a7e1ee5949accce

SHA1
3e2aec17bbfdee39b9cc4c66546763749a7bf6de

SHA256
658bb76f0a7d20f94cf7dce0bd303de26657dc7a17ad9deef64d9e50907c7325

SHA512
4c500b7f0f2c613d0c0cb9812f859a49a98c20cff149b37f46394fb1ccac564f578736a0d0f55e2db3e56f540734e319f0ba54ac2467c041e5210e0d72bce0d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe

Filesize
468KB

MD5
2b96aff4a32114f84561d0dc65424441

SHA1
36e660407e7a6aaed62d55cc0cda564bd95eaed4

SHA256
aee0c5a8517ff2e3f364aeff4e6d9fd51a86ad8f1b0e5a2c63582e3443438919

SHA512
ce664c0bf433eb261d110fd347293f674a3896c273c2ee23d34703b6b33aa7fcdd9425c11467911dc8beb573e1e35f6e52826673906af8624739b55a94b4faf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-617.exe

Filesize
468KB

MD5
286392998eb90f3d827de01b10002757

SHA1
9a67f35f48c0bc94a9543c3b833f5eb5cfbee825

SHA256
d9ac5b52d3804ec6da09cd0d15d08108154ab4759a5b2a0c7053d7fad32f3fba

SHA512
aabfc91e5d4ed79459b48224173e1bb4e2b4ebdf7df253f48c816dce356dd510d3203e96bd2de52df2f1dc4613d4a7dc37bbd44cf2d2e516b170bd2ca6a1db9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe

Filesize
468KB

MD5
8b77f44ef8827f029443e8525481f2bf

SHA1
313762cce8a621ae3a0b7ad1e8067722ce9d47c8

SHA256
4fd6ac080d2731eb2ad0b3a546251dfc944d069a5563673e9245f3303608b317

SHA512
012c000aad9ffd8e95f479c76c2e93d1d201cd66beebbd00e2b84f66763359d3bc29e9d96bd4c7936db11bd2be9e0fe3aa1fd122442c0d826b3df276e4d6add0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe

Filesize
468KB

MD5
1d91869c2f2a3f1d4ff234d8449698aa

SHA1
46331ff588815657fb8beae8eaff9e34e802dbdd

SHA256
7e2418138afbbd4f5ecfbae31b965f6cad556ce2f7afe13fbbe88db52f6ccacc

SHA512
d08a1dad9cdc7e31eaa7ed6e13258adc7574c0b5400761fe5adce5cf3b52b0c9b45730d80bcdf830a3fcb3ca7a4e19fc2dfbef86b5f42cafb6d09c99e81cc503

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe

Filesize
468KB

MD5
abb797c5c7a90a4eff895863babfdbf5

SHA1
175b54b6f3e384773f35cc55f418f34a443fa570

SHA256
cad21fae9cd6867698c5961584684891d14ee672a7f018a0eb3bedca70667938

SHA512
2a9580085aea9a0ae9617e95a7dd27256ba2f3c1c058ac0d13b353b17a49021b07f3dc985d26727bb76bf6f5d34f48f21d5789535f7a7ec4dbf5242c4128f29c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2143.exe

Filesize
468KB

MD5
7dfea927b2f9435db7c65554df764e3b

SHA1
afbe4ee9c04f077dfca8b8fa0a2b8befd35b690d

SHA256
0f47354d728ed20399777154ee510f10d89b82934267daff63891d1d1b700a7a

SHA512
2bf72107416237f4fea3201fbdc74fa4751faa8cceb1bae8a47311e3bdb0d1f23ad6afcd78c088b16dcd48dd43cf4111b87fc955606eea0bd9aecacb12569774

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22558.exe

Filesize
468KB

MD5
0e6bccabd4c46819dee1e448c6c6b45f

SHA1
e3746c9fdfb8c45a905f9358135fd9ed4ab263d9

SHA256
8c7cc38bda588bcb00e150a1982c4b0b3dd99b9edf69eab3b95e34b481f1558b

SHA512
4ef1676a351da65d005f5a796faf9473f284e63a7037a3b66781ab33385d507e239484471a0aa37df70a2c5b65ae644326367c5c966b505333b447fd564f6bea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe

Filesize
468KB

MD5
143eab789950c2c6f1e2ec3b27164d21

SHA1
daaa80c76bcabc98e8bf46aba258a700160c9a84

SHA256
06fe9d4d7bb8437d11a9c7c226a42503c50a63a0d9ed92de8fd1f0bb1a65ed41

SHA512
ea57e32d5bb722277082e0af97bf2424379c9b03036ffaa4113f4c2096eb3b78ec0762050646f758385dbc83c5ba13395fd005b84526ddae0489afe0accaf63f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe

Filesize
468KB

MD5
5fa61824517c65c013f296d1043fd6f7

SHA1
1af2bdddfed4d51f05e72d6aa42420829a05f02c

SHA256
6a27444b5ee58b3401eecca0cb4ecfd58ea79dc5a2078d739a246ae34e24bb1c

SHA512
ce4e1fc29e6d9342ba40a7edea0633c4cce1ae34d3cedf3cbdec96298e48ef24857142f3278c9310c0ddb5b2fa033e33843dc87a724b592b65bae120310749fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe

Filesize
468KB

MD5
e465ff3212f34bc21c56141701d5d28e

SHA1
a7f21bdf9e56d5645b511bfc44b556e981591e8d

SHA256
9711b02433653747e6734274be3cb4b6732348302409fd669b7f6d7d51feb22f

SHA512
105b9acb75248c3113b87a0881baaee579ca0b9f38f240ee4396ec8f3a228ba767a5c747d4c135deeffe6eadb2a79ab37e66cf18b028c44d496006822043b0c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe

Filesize
468KB

MD5
b6bc570a2c5b38ee56258110d6619eab

SHA1
bf70bec428e719f1ba5f9dfe9e29677ba4b96c26

SHA256
14c73e9d1723d239be27aad709f72c92df22eef9593edc9871bfbb747c377480

SHA512
0290b114955a64bb13642cb484da2046cc0644f90b7e4641d17243f5ecb3968dbf678f697a89b83560b63b019a6f458bd7a3ff87cb14dbf9144e379bebb5aca5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe

Filesize
468KB

MD5
0384f9a139ab98a4307de4aa56abb882

SHA1
eaf1524ea4bb9c12ed06cbdb577ed0f499a36ef9

SHA256
cc57eb1cf06385c56c8527b94967ee6674cc01da955599bf9ca110f980956e70

SHA512
143a12ce2c0ea66a26c681e65e181a62ed88292041b85ecab9b0daff70ebf06716aa30e74d48ea4734c82f1246abea33506c856213266b692c301aed3a03b135

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36882.exe

Filesize
468KB

MD5
d8b5086c501c24e6e6577a4a5fe9629a

SHA1
0edffa6358ba7b7272edd8462371573414be56b3

SHA256
cda36c46c587b7501f82af7e1abc8ca5a818729753e0c4c22f2e505a80b65d93

SHA512
92351d0d2f62595a387cf8df63243e38330810d24586083d38ee4cc58643d5c39962d4581a65eef7f2f98955d74163e3d64d97194a55cd090950889ce87e6b04

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe

Filesize
468KB

MD5
9d571c6d2f4209c03f36ce10f639ebc9

SHA1
25743163fb68c4b30f8a3f874bdea740a063eba4

SHA256
6b8aadbe4f9f32f7183cf3bf4be3e6efb7c01634a5bfbb99f783488d460b9639

SHA512
aaa083d2de289d8bc2cc69e98ff0f78a7f87faf11527b48aceaadd6bd2e463011e77ec7e49af5d0593b52d3896aeb1a71b2494ea028b392b3ebc1f2bb76f079a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe

Filesize
468KB

MD5
e257f3b8dc68f728e12b4144ee6e525b

SHA1
06f715c0b348776cd07132625088d44fc642560e

SHA256
8df8a2d8c047c22ea89c7925259da5c377654c48dab2a2487814726958227614

SHA512
a51e2728bd7236afc66fdc16e9898fca655f05e66abf18b65c7b925d8a4416955f8f3acd1680881ec6732c4767a5a71e456998acff7e2a56558acfa110d4dbe5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe

Filesize
468KB

MD5
be4c619902b89a0ff6dc1350c624b2ff

SHA1
2d62a11f3d945ea8d68a73e9f19f47d4e6a99d67

SHA256
a5d695ab82cdb7da635a98b5cb05ac5843f32c34da1e44115d74fc051c80289f

SHA512
b6317f79842067363373e07469551165ba23020bcafd570851c54a41d32f2dcdbfb4e207477e0d07f93a0a1e45526539e05bf1b39fcc8031530523f8dbcf471a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe

Filesize
468KB

MD5
0929ea08aa010a1f3d3ee8685ba2db06

SHA1
3c760ce44a554871a3f7a1a0e197c2434c4503f5

SHA256
8819ec782b69adbce0b2d8d12ef2c52d7683d1313cb103a3a482ebd40bb25666

SHA512
09db3370cba38f51c0c0b993bbfef79c7579c1bf9e6ffb3f734075344a943b5c77a0c4874360e3a1db5248d19828471d806dca6ca91b5097fb790347df62e777

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55065.exe

Filesize
468KB

MD5
18bd900fa17b14e7defefeca66947c18

SHA1
218960d00c2a7dd60335bb5b633240a7f0772350

SHA256
7c3525a5c1eb5da5ac9a8695f90c4732de13425fc2c3a9cabdad63bd4ff56dc2

SHA512
bc79b78410089b6d5f3027cca692c2703602e8955c647b9d0e883668cffa7f8df4a7c01f6c64492b246b2daeb01be8cd6dc629f6f66d32bfd79e88f7ac86c2df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe

Filesize
468KB

MD5
d04fc7fca2ea73fb120e71547bc0f64f

SHA1
5342e903263e907529f947430fad8646416b304f

SHA256
f5fdf0b2c1940245cccc1c1bf6b931e8b332e8392d47fc9e6eff55c5152a6356

SHA512
286ce1337f9a8485458545961539e0f79dff49abd092a6ea52d01ee5eb692d6acfdf1920fda67a8dcb273f17538b0058de844c9aad13b9fac29f7ce388433b65

Download Submit