a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 23:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe
Size

468KB
MD5

0dc2757c0c54c21e12385da2096ddbb0
SHA1

8db266e87a97a968ce4b947247c22044190037f2
SHA256

a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720
SHA512

38959d29375f0c6a62edb6a84dad9e5719eacfa691effa71ce8230119c87ea6f395f156b018a520dc0dc85718341833fe545293c59ddd2d87cc4bbae12d7f7b1
SSDEEP

3072:p8ACogIjIU57tbY6PzcjYf/TsChC7IagBRHQRV1M1GHLFO4FQglH:p81oac7tVP4jYf+/bK1Grc4FQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2056	Unicorn-36698.exe
2544	Unicorn-42967.exe
2676	Unicorn-35161.exe
2856	Unicorn-64347.exe
2816	Unicorn-6978.exe
2500	Unicorn-4932.exe
2884	Unicorn-52650.exe
2672	Unicorn-46148.exe
2164	Unicorn-1031.exe
2408	Unicorn-46703.exe
1920	Unicorn-11892.exe
868	Unicorn-19981.exe
2028	Unicorn-25847.exe
1276	Unicorn-26112.exe
1380	Unicorn-19589.exe
2840	Unicorn-20719.exe
2928	Unicorn-20719.exe
2236	Unicorn-24057.exe
2228	Unicorn-47170.exe
408	Unicorn-62951.exe
2576	Unicorn-9666.exe
1336	Unicorn-32779.exe
612	Unicorn-42431.exe
1928	Unicorn-13750.exe
1640	Unicorn-26195.exe
1396	Unicorn-65089.exe
1544	Unicorn-56159.exe
880	Unicorn-24148.exe
1044	Unicorn-19707.exe
2328	Unicorn-56127.exe
2116	Unicorn-13703.exe
1884	Unicorn-896.exe
3036	Unicorn-33660.exe
1588	Unicorn-23162.exe
2312	Unicorn-39791.exe
2440	Unicorn-27347.exe
2084	Unicorn-58073.exe
2272	Unicorn-41637.exe
3012	Unicorn-26399.exe
2720	Unicorn-62601.exe
2644	Unicorn-63348.exe
1880	Unicorn-25845.exe
2624	Unicorn-25845.exe
2616	Unicorn-54525.exe
2908	Unicorn-60390.exe
2184	Unicorn-42181.exe
1800	Unicorn-20692.exe
2696	Unicorn-62716.exe
872	Unicorn-45004.exe
1504	Unicorn-25138.exe
1208	Unicorn-23192.exe
1988	Unicorn-43058.exe
1764	Unicorn-35444.exe
2692	Unicorn-33328.exe
2972	Unicorn-33063.exe
2168	Unicorn-6685.exe
2920	Unicorn-7240.exe
1008	Unicorn-1640.exe
964	Unicorn-41880.exe
944	Unicorn-35850.exe
1984	Unicorn-15984.exe
896	Unicorn-64530.exe
1980	Unicorn-25544.exe
3024	Unicorn-13654.exe

Loads dropped DLL 64 IoCs

pid	Process
2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe
2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe
2056	Unicorn-36698.exe
2056	Unicorn-36698.exe
2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe
2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe
2544	Unicorn-42967.exe
2544	Unicorn-42967.exe
2676	Unicorn-35161.exe
2676	Unicorn-35161.exe
2056	Unicorn-36698.exe
2056	Unicorn-36698.exe
2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe
2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe
2856	Unicorn-64347.exe
2856	Unicorn-64347.exe
2816	Unicorn-6978.exe
2544	Unicorn-42967.exe
2816	Unicorn-6978.exe
2544	Unicorn-42967.exe
2676	Unicorn-35161.exe
2676	Unicorn-35161.exe
2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe
2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe
2056	Unicorn-36698.exe
2056	Unicorn-36698.exe
2884	Unicorn-52650.exe
2884	Unicorn-52650.exe
2672	Unicorn-46148.exe
2672	Unicorn-46148.exe
2856	Unicorn-64347.exe
2500	Unicorn-4932.exe
2500	Unicorn-4932.exe
2856	Unicorn-64347.exe
2164	Unicorn-1031.exe
2164	Unicorn-1031.exe
2816	Unicorn-6978.exe
2816	Unicorn-6978.exe
1276	Unicorn-26112.exe
1276	Unicorn-26112.exe
2408	Unicorn-46703.exe
2408	Unicorn-46703.exe
2884	Unicorn-52650.exe
2884	Unicorn-52650.exe
2544	Unicorn-42967.exe
2544	Unicorn-42967.exe
2028	Unicorn-25847.exe
2028	Unicorn-25847.exe
1920	Unicorn-11892.exe
1920	Unicorn-11892.exe
2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe
868	Unicorn-19981.exe
2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe
868	Unicorn-19981.exe
2676	Unicorn-35161.exe
2676	Unicorn-35161.exe
2056	Unicorn-36698.exe
2056	Unicorn-36698.exe
1380	Unicorn-19589.exe
1380	Unicorn-19589.exe
2672	Unicorn-46148.exe
2672	Unicorn-46148.exe
2840	Unicorn-20719.exe
2840	Unicorn-20719.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
592	1552	WerFault.exe	98
2564	2644	WerFault.exe	71

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56052.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe
2056	Unicorn-36698.exe
2544	Unicorn-42967.exe
2676	Unicorn-35161.exe
2856	Unicorn-64347.exe
2816	Unicorn-6978.exe
2500	Unicorn-4932.exe
2884	Unicorn-52650.exe
2672	Unicorn-46148.exe
2164	Unicorn-1031.exe
2028	Unicorn-25847.exe
1920	Unicorn-11892.exe
868	Unicorn-19981.exe
1276	Unicorn-26112.exe
2408	Unicorn-46703.exe
1380	Unicorn-19589.exe
2840	Unicorn-20719.exe
2928	Unicorn-20719.exe
2236	Unicorn-24057.exe
2228	Unicorn-47170.exe
408	Unicorn-62951.exe
2576	Unicorn-9666.exe
1336	Unicorn-32779.exe
612	Unicorn-42431.exe
1928	Unicorn-13750.exe
1396	Unicorn-65089.exe
1044	Unicorn-19707.exe
1640	Unicorn-26195.exe
880	Unicorn-24148.exe
1544	Unicorn-56159.exe
2328	Unicorn-56127.exe
2116	Unicorn-13703.exe
1884	Unicorn-896.exe
3036	Unicorn-33660.exe
1588	Unicorn-23162.exe
2312	Unicorn-39791.exe
2084	Unicorn-58073.exe
2440	Unicorn-27347.exe
3012	Unicorn-26399.exe
2272	Unicorn-41637.exe
2720	Unicorn-62601.exe
2624	Unicorn-25845.exe
2644	Unicorn-63348.exe
1880	Unicorn-25845.exe
2616	Unicorn-54525.exe
2908	Unicorn-60390.exe
2184	Unicorn-42181.exe
1800	Unicorn-20692.exe
2696	Unicorn-62716.exe
872	Unicorn-45004.exe
1504	Unicorn-25138.exe
1208	Unicorn-23192.exe
1988	Unicorn-43058.exe
1764	Unicorn-35444.exe
2168	Unicorn-6685.exe
2972	Unicorn-33063.exe
2692	Unicorn-33328.exe
2920	Unicorn-7240.exe
1008	Unicorn-1640.exe
964	Unicorn-41880.exe
1984	Unicorn-15984.exe
944	Unicorn-35850.exe
1980	Unicorn-25544.exe
896	Unicorn-64530.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2056	2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe	30
PID 2548 wrote to memory of 2056	2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe	30
PID 2548 wrote to memory of 2056	2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe	30
PID 2548 wrote to memory of 2056	2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe	30
PID 2056 wrote to memory of 2544	2056	Unicorn-36698.exe	31
PID 2056 wrote to memory of 2544	2056	Unicorn-36698.exe	31
PID 2056 wrote to memory of 2544	2056	Unicorn-36698.exe	31
PID 2056 wrote to memory of 2544	2056	Unicorn-36698.exe	31
PID 2548 wrote to memory of 2676	2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe	32
PID 2548 wrote to memory of 2676	2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe	32
PID 2548 wrote to memory of 2676	2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe	32
PID 2548 wrote to memory of 2676	2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe	32
PID 2544 wrote to memory of 2856	2544	Unicorn-42967.exe	34
PID 2544 wrote to memory of 2856	2544	Unicorn-42967.exe	34
PID 2544 wrote to memory of 2856	2544	Unicorn-42967.exe	34
PID 2544 wrote to memory of 2856	2544	Unicorn-42967.exe	34
PID 2676 wrote to memory of 2816	2676	Unicorn-35161.exe	35
PID 2676 wrote to memory of 2816	2676	Unicorn-35161.exe	35
PID 2676 wrote to memory of 2816	2676	Unicorn-35161.exe	35
PID 2676 wrote to memory of 2816	2676	Unicorn-35161.exe	35
PID 2056 wrote to memory of 2884	2056	Unicorn-36698.exe	36
PID 2056 wrote to memory of 2884	2056	Unicorn-36698.exe	36
PID 2056 wrote to memory of 2884	2056	Unicorn-36698.exe	36
PID 2056 wrote to memory of 2884	2056	Unicorn-36698.exe	36
PID 2548 wrote to memory of 2500	2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe	37
PID 2548 wrote to memory of 2500	2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe	37
PID 2548 wrote to memory of 2500	2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe	37
PID 2548 wrote to memory of 2500	2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe	37
PID 2856 wrote to memory of 2672	2856	Unicorn-64347.exe	38
PID 2856 wrote to memory of 2672	2856	Unicorn-64347.exe	38
PID 2856 wrote to memory of 2672	2856	Unicorn-64347.exe	38
PID 2856 wrote to memory of 2672	2856	Unicorn-64347.exe	38
PID 2816 wrote to memory of 2164	2816	Unicorn-6978.exe	39
PID 2816 wrote to memory of 2164	2816	Unicorn-6978.exe	39
PID 2816 wrote to memory of 2164	2816	Unicorn-6978.exe	39
PID 2816 wrote to memory of 2164	2816	Unicorn-6978.exe	39
PID 2544 wrote to memory of 2408	2544	Unicorn-42967.exe	40
PID 2544 wrote to memory of 2408	2544	Unicorn-42967.exe	40
PID 2544 wrote to memory of 2408	2544	Unicorn-42967.exe	40
PID 2544 wrote to memory of 2408	2544	Unicorn-42967.exe	40
PID 2676 wrote to memory of 1920	2676	Unicorn-35161.exe	41
PID 2676 wrote to memory of 1920	2676	Unicorn-35161.exe	41
PID 2676 wrote to memory of 1920	2676	Unicorn-35161.exe	41
PID 2676 wrote to memory of 1920	2676	Unicorn-35161.exe	41
PID 2548 wrote to memory of 2028	2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe	42
PID 2548 wrote to memory of 2028	2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe	42
PID 2548 wrote to memory of 2028	2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe	42
PID 2548 wrote to memory of 2028	2548	a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe	42
PID 2056 wrote to memory of 868	2056	Unicorn-36698.exe	43
PID 2056 wrote to memory of 868	2056	Unicorn-36698.exe	43
PID 2056 wrote to memory of 868	2056	Unicorn-36698.exe	43
PID 2056 wrote to memory of 868	2056	Unicorn-36698.exe	43
PID 2884 wrote to memory of 1276	2884	Unicorn-52650.exe	44
PID 2884 wrote to memory of 1276	2884	Unicorn-52650.exe	44
PID 2884 wrote to memory of 1276	2884	Unicorn-52650.exe	44
PID 2884 wrote to memory of 1276	2884	Unicorn-52650.exe	44
PID 2672 wrote to memory of 1380	2672	Unicorn-46148.exe	45
PID 2672 wrote to memory of 1380	2672	Unicorn-46148.exe	45
PID 2672 wrote to memory of 1380	2672	Unicorn-46148.exe	45
PID 2672 wrote to memory of 1380	2672	Unicorn-46148.exe	45
PID 2500 wrote to memory of 2840	2500	Unicorn-4932.exe	47
PID 2500 wrote to memory of 2840	2500	Unicorn-4932.exe	47
PID 2500 wrote to memory of 2840	2500	Unicorn-4932.exe	47
PID 2500 wrote to memory of 2840	2500	Unicorn-4932.exe	47

C:\Users\Admin\AppData\Local\Temp\a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe
"C:\Users\Admin\AppData\Local\Temp\a4e1e84c0f6673a684012b4eac55d0d02f30eb82ad742f00dd49f686f0cb0720N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        9⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
        10⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        10⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        10⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
        10⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27437.exe
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        9⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        9⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        9⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38407.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29771.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10115.exe
        8⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        8⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
        8⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15984.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        8⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        8⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        8⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
        7⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8630.exe
        7⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35850.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40972.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        8⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
        8⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63731.exe
        7⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
        7⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        7⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        7⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
        7⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        6⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60997.exe
        6⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2982.exe
        6⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
        6⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49856.exe
        7⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        8⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        7⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6773.exe
        7⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
        6⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 188
        7⤵
        Program crash
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46435.exe
        6⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51885.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
        6⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        6⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46296.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        7⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        7⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        7⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63731.exe
        6⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51885.exe
        6⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        6⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        6⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19509.exe
        6⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-750.exe
        6⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
        5⤵
        
        PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
        5⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe
        5⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1057.exe
        5⤵
        
        PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42491.exe
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        8⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        8⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51885.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55550.exe
        7⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        7⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe
        6⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
        7⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        7⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        6⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        6⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        6⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9765.exe
        6⤵
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23192.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        6⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26730.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
        6⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        6⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe
        5⤵
        
        PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60997.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2982.exe
        5⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
        5⤵
        
        PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42431.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        5⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        6⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        6⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        6⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        6⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
        5⤵
        
        PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
        5⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        5⤵
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33063.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        5⤵
        
        PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
        5⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
        5⤵
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        5⤵
        
        PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53126.exe
      4⤵
      PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
      4⤵
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
      4⤵
      PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
      4⤵
      PID:6088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62951.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
        7⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55362.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
        8⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
        8⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
        7⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
        7⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        6⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61060.exe
        7⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55964.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60156.exe
        7⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        6⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        6⤵
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        6⤵
        Program crash
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8383.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        5⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4337.exe
        5⤵
        
        PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32779.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        6⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
        6⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
        6⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
        6⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
        6⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46710.exe
        6⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        6⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8256.exe
        5⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10115.exe
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52554.exe
        5⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
        5⤵
        
        PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
        5⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        6⤵
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        6⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        6⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        6⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63731.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51885.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        5⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        5⤵
        
        PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48112.exe
      4⤵
      PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe
        5⤵
        
        PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        5⤵
        
        PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
      4⤵
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
      4⤵
      PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
      4⤵
      PID:6192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19981.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65089.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
        6⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        7⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39824.exe
        7⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43018.exe
        7⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58438.exe
        6⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
        6⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
        6⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63776.exe
        6⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        5⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
        6⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        6⤵
        
        PID:724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
        6⤵
        
        PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        5⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        5⤵
        
        PID:6980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35444.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
        5⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33038.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        6⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11183.exe
        5⤵
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        5⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        5⤵
        
        PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
      4⤵
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        5⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        5⤵
        
        PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
      4⤵
      PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
      4⤵
      PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
      4⤵
      PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
      4⤵
      PID:6520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19707.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42181.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
        5⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
        6⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
        6⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10115.exe
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
        5⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
        5⤵
        
        PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
      4⤵
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        5⤵
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        5⤵
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        5⤵
        
        PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
      4⤵
      PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
      4⤵
      PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
      4⤵
      PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
      4⤵
      PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
      4⤵
      PID:7116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62716.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
      4⤵
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        5⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30219.exe
        5⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        5⤵
        
        PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
      4⤵
      PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
      4⤵
      PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
      4⤵
      PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
      4⤵
      PID:6232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
    3⤵
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
      4⤵
      PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62985.exe
      4⤵
      PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
      4⤵
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
      4⤵
      PID:6412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
    3⤵
    PID:3236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
    3⤵
    PID:3532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
    3⤵
    PID:5636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41003.exe
    3⤵
    PID:6152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35161.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35161.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6978.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58073.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
        7⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        8⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        8⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        8⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50982.exe
        7⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
        6⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17802.exe
        7⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23877.exe
        7⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17489.exe
        6⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60997.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2982.exe
        6⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
        6⤵
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26399.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        6⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        7⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
        7⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
        7⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23308.exe
        7⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9949.exe
        6⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
        6⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        6⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        6⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        5⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        6⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        6⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        6⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
        6⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
        5⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26186.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
        5⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        5⤵
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27347.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54324.exe
        6⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        7⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22762.exe
        7⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
        6⤵
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe
        6⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49988.exe
        6⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        5⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35902.exe
        6⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe
        6⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe
        6⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
        6⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        6⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
        5⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        5⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        5⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        5⤵
        
        PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        5⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6773.exe
        6⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        5⤵
        
        PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        5⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
        5⤵
        
        PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
      4⤵
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62985.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
        5⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
        5⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
        5⤵
        
        PID:7092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
      4⤵
      PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
      4⤵
      PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31020.exe
      4⤵
      PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3202.exe
      4⤵
      PID:6368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20692.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42491.exe
        6⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29771.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10115.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37023.exe
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
        6⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
        6⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        5⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
        6⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        6⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        5⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        5⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        5⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        5⤵
        
        PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        5⤵
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        5⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
      4⤵
      PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51885.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
      4⤵
      PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51454.exe
      4⤵
      PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62733.exe
      4⤵
      PID:6072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42491.exe
        5⤵
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        5⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9765.exe
        5⤵
        
        PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
      4⤵
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6773.exe
        5⤵
        
        PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
      4⤵
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33577.exe
      4⤵
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
      4⤵
      PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
      4⤵
      PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
      4⤵
      PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55289.exe
      4⤵
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
      4⤵
      PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
      4⤵
      PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14230.exe
      4⤵
      PID:6844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
    3⤵
    PID:1580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
    3⤵
    PID:4068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1980.exe
    3⤵
    PID:4496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20882.exe
    3⤵
    PID:7004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4932.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4932.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-896.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        6⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        6⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        6⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        6⤵
        
        PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9949.exe
        5⤵
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        5⤵
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        5⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6773.exe
        5⤵
        
        PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
      4⤵
      Executes dropped EXE
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3696.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        5⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        5⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
        5⤵
        
        PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23684.exe
      4⤵
      PID:892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
      4⤵
      PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
      4⤵
      PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4337.exe
      4⤵
      PID:6168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33660.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
      4⤵
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
        5⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
        5⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
      4⤵
      PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
      4⤵
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51387.exe
      4⤵
      PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10857.exe
      4⤵
      PID:6016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
    3⤵
    PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3317.exe
      4⤵
      PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
      4⤵
      PID:5368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
    3⤵
    PID:2332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
    3⤵
    PID:3648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
    3⤵
    PID:4204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1057.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1057.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5996
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12767.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26720.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        6⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
        6⤵
        
        PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        5⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        5⤵
        
        PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
      4⤵
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        5⤵
        
        PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        5⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        5⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        5⤵
        
        PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19792.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51885.exe
      4⤵
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
      4⤵
      PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
      4⤵
      PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1280.exe
      4⤵
      PID:5744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
      4⤵
      PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32372.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
      4⤵
      PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1267.exe
      4⤵
      PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
      4⤵
      PID:5544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55926.exe
    3⤵
    PID:3064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
    3⤵
    PID:3200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
    3⤵
    PID:4664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
    3⤵
    PID:1828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
    3⤵
    PID:5856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
    3⤵
    PID:6936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
      4⤵
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26665.exe
        5⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe
        5⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        5⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
        5⤵
        
        PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
      4⤵
      PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
      4⤵
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
      4⤵
      PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
      4⤵
      PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
      4⤵
      PID:6260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
    3⤵
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
      4⤵
      PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
      4⤵
      PID:6392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
    3⤵
    PID:3216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
    3⤵
    PID:4216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
    3⤵
    PID:5652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
    3⤵
    PID:6176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
    3⤵
    PID:628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
    3⤵
    PID:3128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
  2⤵
  PID:2596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
  2⤵
  PID:3572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
  2⤵
  PID:4128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
  2⤵
  PID:4868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12331.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12331.exe
  2⤵
  PID:6040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe

Filesize
468KB

MD5
13e3a68c54ef9ab8ac60b6aadf753bf5

SHA1
221b2f19efe0745419cef8ddc8c33cb859761efe

SHA256
7241c9ae808774b3da8db3f4a75dec719cad59cf8190d3040444dfeddd063c46

SHA512
82bbfb039e00e36f9816d3e94dc66873d1b47e3bab5bf47cdde45fed98cfe38bd356d9404831b9dddffb940774d10330853182c651e1169fc0796a6d3ec4cb1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19981.exe

Filesize
468KB

MD5
7ef41e442575bdd270b16edf679df4e2

SHA1
100ea317c475d136e1a462df59024b586a486122

SHA256
0ba775bb4047d6cec7953528645a963db17f2c3b61562f224f56f46344e16b7c

SHA512
182d37d88c3e769f0001e30078d46d3a0008b72cf8b30839c0d80e459c1a06e9d2e3f38cf711e27903d0f0e0d903577a0d342381c42f7deef64f6e68d1cd6a8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe

Filesize
468KB

MD5
fe3f3f3302e1c8582a213ef8398a293c

SHA1
9fb0d0b45031ef8a51eae8f555686269872f23aa

SHA256
8bcb3b8d142816a089f3317bac9a2f9da0836a2c4817ec530dc9bf2ef4f2095b

SHA512
7108d360362000f601753018ba00fd5d71e67f7fc663f1afeeb8c7922e414dc193efe3f626c73010f7fdae4c080290565c34e39c531b04da8d9f0c7fa25b6b25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4932.exe

Filesize
468KB

MD5
ee206f9da64ecf2fc504de8262f89be4

SHA1
3ec164b62e25cc66bd22f54ba3907fac77a72624

SHA256
ebb900d3b9a07725e22f4601e2394230cf835ad884d41b1714a9bd9065e37705

SHA512
df4b8f30582b297f4f5906c91be628e83a292e2b4e1fd9f6befde8f17dc4e7a5d76efdbcfb4e373766e0a88ed638b0c496c56249f15b3c4c756f3befb3074d70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe

Filesize
468KB

MD5
34cfae7bef0330485fbdf92cb26d430a

SHA1
82f6b1d85a0384555433bd3ba14079c1fcbf6342

SHA256
46a3586e88b6110e5967d0bbfb5f89ead03bcf15948d53116932e35c2141ef8a

SHA512
1b0ec5c72efcc20000b169d6bf041fc8c2bea54bca46366aac810b177c2485fbcf6c71bfd9566020ac855e117bfa478d176ef4b7af7c3cde6b4c3f9638e45179

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6978.exe

Filesize
468KB

MD5
ed02e8f23c51ad060691f268ac2ac379

SHA1
4e4a9d0d8fcbb3a6d43c9af7c4005dd9d6537e80

SHA256
935baafa6e633271db89be9ad8ad409e8c5c4610409953eb551dcf7b0d737e76

SHA512
835caf4f46a5dbbfb63f18c0c9998b5a8d7a1a82223f709d53a0897264c556b5bdb666230ad0af68e6efd469aa8c7f35e4b7c9a8ff605647ad17df69c308261f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe

Filesize
468KB

MD5
da83938a73770f838951d21acc551375

SHA1
690292f414b5a0102261ca9cd75cdf20b6299ada

SHA256
a48b5262178b3e531c53db8ee3569b7118c28f0b3cabc2affaaaea28d78779ba

SHA512
862d9d2ebdcfc918580ad340a3b96be5566968e4dc3589a7a44a60ad6432311b14c0519d76e8a696957c5cbe63c82139d5c88e027425d97c93cf008c3f0bf150

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe

Filesize
468KB

MD5
adde50d5a7c8b5a9491f7ddf780deb96

SHA1
e63ff53f4bfa529da8e893a2db3510f974d29d85

SHA256
42edc808bd344eec94f01173c0311ea50e532773e9340c07ffd36bffbb222293

SHA512
ccf9506fbaf357b7ea17b32f7314b76d9c5a0e9a411ed5c8eecc775e49444e8e0cad888798e39aaf56b567d3d1a54b693ee46a51f09aec7d7b42a112ba1a8eb8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe

Filesize
468KB

MD5
c010e56b6adc90b7f5a63941c80141dc

SHA1
0cdc56e1643d40b6c76f7c28f2163daf4698efe7

SHA256
fc7733bc46bff9f5bd127613443b49bf61784d056613e0ae6b7d58dfa61d618c

SHA512
7dbbda6d7b525f5f9c0c3ce9bdeea4488a054dfa3e52e62237f0b9c840b31f505a3672d1464f39a209863568b8052da17b2e92cb889111344b1bba5aa05a6579

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe

Filesize
468KB

MD5
bf376708246f625da3aba77d0994bba2

SHA1
985ea5b47aef2e479a8efdd9e015302dee55aea7

SHA256
6541864744a1b8878bfe38f79863a1aba50b8f04ebb9755f10c0e49b6958193b

SHA512
27b70766d7d2c21ea2227679a2684263667804cce21df7528ec96b4a294ab84703e5b2a5698b155d10b860f29471d71a790689a4e91174052da4bd10a2f50fc3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe

Filesize
468KB

MD5
e6e5e8b5008ce04de4312a777f2abdd8

SHA1
372972f28d088d70acdf9109e1e3be33a2751e7d

SHA256
c1d110ce7f4f441e271cb7fef759b47900cf83bc3ecd7e00bf9223d82597e080

SHA512
371b848ee1d888f82dbfc6d144496869d12367ccbd320e3fb50f2a41de1f219c76b106a21028aead40db637c606910205f51d7ef33e998eca3808972a1c2e709

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35161.exe

Filesize
468KB

MD5
e7a2cd81b271abdaaeb27ec164b02cef

SHA1
2091d5cb6b9f4f5908ee9622c672d8e2a6788d19

SHA256
c518d8833617ad70b676c4f6cd74eef80915b4f1bbaaf5643329264347763e87

SHA512
9b2159baa7b11bfdce53e46c266e43014fcd7a31c94077ba20ef97dd30773f07dc7849db99ee29f0abc597e8cbb04f5ebab935c9fb2f58eb97ecef777653e552

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe

Filesize
468KB

MD5
bf5138215da41546731fd8bf037329d3

SHA1
74492b2b57367aa68a8af76e4680a1ba9a7487de

SHA256
bb391ef01864643b6b9ad72dbb748a7e4cbee510db6c186eb97accfa8e464572

SHA512
967291376758b3a0337cafc6e348d01e52e3ba2132888fb8bce6c9110d6a1dc2c12a11b29834f23fc7e3a4ad66588404066f6797f2321c03fcf3b0d38d9f2135

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe

Filesize
468KB

MD5
e2fa5631669485625d63a4603b65df64

SHA1
e6f55c93c1604f51dd7770f5939acb0df67df5a2

SHA256
45d00fec23a16714572f41982a085cf0906ad0bed50a52af453aa8600b93ac04

SHA512
81074e08847e5d77423d982348f09b1fa7a6ea9682864d06f929a989165488402dc8b5983a1a74f96fe7627573a5f7b8478453f66cf24f4a9c515f86579f3d1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe

Filesize
468KB

MD5
728b6a1be07ed68102cb86b717677e6f

SHA1
9a8ea28bc51ffd4e9ce1444cc2013510f14cdb77

SHA256
34e5755556d5f40f7a7ecc54fe82464ddc1767c91568da0c4e573e7bf8afc569

SHA512
9ddb0401ada9aad8a23dd256a5f0f15bc8a3532898853a7863a4b00bf1ffead97b850b3c3c0d997fac18c3925a4ad34477eaad0e174bff962be151fd1920fa59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe

Filesize
468KB

MD5
fd393bebf1964f3c6651de48e38a0c34

SHA1
be7d78e29e19596b09c8ecc313be2e0b281c3bbe

SHA256
7617c32e686c1d1f20af7fe8dcdd257496744aaaab2e3b660d17030d49d816c0

SHA512
12f04a2ce026f1860634dc63897256308b3883c9f004a396020a6cdd318df3bed5fbaad1c44df50e9375336638fe7f30ba163c3bb1dbc6449a70539f239240ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe

Filesize
468KB

MD5
a9251a387435ebf542ae8db0bae43910

SHA1
275522d1aff110ebeaa9998bf76bada9cfd6bcf8

SHA256
c2bc3fc7db8c9d64e5e18fb1e9e6791bb10d5ec65926581636a81213bd227d37

SHA512
945ee8859324806fd410f35b74b2742f2a24711f6e67fe679102fb5d8b7a6205e80bd967e9e053d90c04f1d083c36dcd17d4f71d39b0886a968785e84604b3a0

Download Submit