bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe
Size

468KB
MD5

8535b5dd7f5197674f4bdc3824ca1c13
SHA1

56f5d210619ccd688d1ab2414c7797784e46fe06
SHA256

bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f
SHA512

ac7590569b287e59ea35390efe06e3979aa6047abacddb48abcaa8cd986ada58bf060e4e37f608962a588ab334c2f4937e69e2e2f78786c319f8aa8d6c15cd18
SSDEEP

3072:9nuTotIKIG5UMbY1HzhOrfJ/lbmsP0EwnLHewVge7PHLSaKWKklA:9nyowCUM6HlOrf/Nxw7PrNKWK

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2412	Unicorn-18337.exe
2100	Unicorn-59071.exe
2848	Unicorn-23938.exe
2700	Unicorn-15834.exe
2740	Unicorn-44484.exe
2516	Unicorn-58219.exe
2648	Unicorn-64349.exe
2532	Unicorn-1402.exe
2756	Unicorn-21124.exe
344	Unicorn-23969.exe
2812	Unicorn-41566.exe
2836	Unicorn-41566.exe
2804	Unicorn-35436.exe
1988	Unicorn-52837.exe
1712	Unicorn-6900.exe
1800	Unicorn-12827.exe
1612	Unicorn-58473.exe
1952	Unicorn-13761.exe
2332	Unicorn-28863.exe
1148	Unicorn-6667.exe
2380	Unicorn-22732.exe
1744	Unicorn-26533.exe
936	Unicorn-35391.exe
1488	Unicorn-44322.exe
3012	Unicorn-44322.exe
2128	Unicorn-64524.exe
352	Unicorn-62992.exe
628	Unicorn-52101.exe
1532	Unicorn-34815.exe
3044	Unicorn-45775.exe
3004	Unicorn-47322.exe
2984	Unicorn-10435.exe
2856	Unicorn-17888.exe
2980	Unicorn-9261.exe
2912	Unicorn-39398.exe
1588	Unicorn-1577.exe
2420	Unicorn-5381.exe
1292	Unicorn-3091.exe
2372	Unicorn-13038.exe
2616	Unicorn-13038.exe
2688	Unicorn-31331.exe
2568	Unicorn-4876.exe
2992	Unicorn-31404.exe
2644	Unicorn-11310.exe
2336	Unicorn-9234.exe
2492	Unicorn-12078.exe
2508	Unicorn-40707.exe
2312	Unicorn-46837.exe
1892	Unicorn-8242.exe
2732	Unicorn-33708.exe
2832	Unicorn-9976.exe
2000	Unicorn-29650.exe
268	Unicorn-45301.exe
1716	Unicorn-25435.exe
1976	Unicorn-63858.exe
2476	Unicorn-43993.exe
2464	Unicorn-57536.exe
1644	Unicorn-15809.exe
772	Unicorn-55218.exe
1528	Unicorn-36178.exe
2164	Unicorn-34139.exe
700	Unicorn-15041.exe
920	Unicorn-5690.exe
2764	Unicorn-31246.exe

Loads dropped DLL 64 IoCs

pid	Process
2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe
2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe
2412	Unicorn-18337.exe
2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe
2412	Unicorn-18337.exe
2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe
2848	Unicorn-23938.exe
2848	Unicorn-23938.exe
2412	Unicorn-18337.exe
2412	Unicorn-18337.exe
2100	Unicorn-59071.exe
2100	Unicorn-59071.exe
2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe
2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe
2700	Unicorn-15834.exe
2700	Unicorn-15834.exe
2848	Unicorn-23938.exe
2848	Unicorn-23938.exe
2740	Unicorn-44484.exe
2740	Unicorn-44484.exe
2516	Unicorn-58219.exe
2648	Unicorn-64349.exe
2516	Unicorn-58219.exe
2648	Unicorn-64349.exe
2412	Unicorn-18337.exe
2412	Unicorn-18337.exe
2100	Unicorn-59071.exe
2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe
2100	Unicorn-59071.exe
2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe
2532	Unicorn-1402.exe
2532	Unicorn-1402.exe
2700	Unicorn-15834.exe
2700	Unicorn-15834.exe
2756	Unicorn-21124.exe
2756	Unicorn-21124.exe
344	Unicorn-23969.exe
344	Unicorn-23969.exe
2740	Unicorn-44484.exe
2740	Unicorn-44484.exe
2848	Unicorn-23938.exe
2848	Unicorn-23938.exe
1712	Unicorn-6900.exe
1712	Unicorn-6900.exe
2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe
2812	Unicorn-41566.exe
1988	Unicorn-52837.exe
2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe
2812	Unicorn-41566.exe
1988	Unicorn-52837.exe
2516	Unicorn-58219.exe
2516	Unicorn-58219.exe
2100	Unicorn-59071.exe
2100	Unicorn-59071.exe
2836	Unicorn-41566.exe
2836	Unicorn-41566.exe
1596	WerFault.exe
1596	WerFault.exe
1596	WerFault.exe
1596	WerFault.exe
2412	Unicorn-18337.exe
2412	Unicorn-18337.exe
2648	Unicorn-64349.exe
2648	Unicorn-64349.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1596	2804	WerFault.exe	40

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14029.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13278.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8023.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe
2412	Unicorn-18337.exe
2100	Unicorn-59071.exe
2848	Unicorn-23938.exe
2700	Unicorn-15834.exe
2740	Unicorn-44484.exe
2516	Unicorn-58219.exe
2648	Unicorn-64349.exe
2532	Unicorn-1402.exe
2756	Unicorn-21124.exe
344	Unicorn-23969.exe
2812	Unicorn-41566.exe
1712	Unicorn-6900.exe
1988	Unicorn-52837.exe
2836	Unicorn-41566.exe
2804	Unicorn-35436.exe
1800	Unicorn-12827.exe
1612	Unicorn-58473.exe
1952	Unicorn-13761.exe
1148	Unicorn-6667.exe
2332	Unicorn-28863.exe
2380	Unicorn-22732.exe
1744	Unicorn-26533.exe
936	Unicorn-35391.exe
3012	Unicorn-44322.exe
1488	Unicorn-44322.exe
352	Unicorn-62992.exe
2128	Unicorn-64524.exe
628	Unicorn-52101.exe
1532	Unicorn-34815.exe
3044	Unicorn-45775.exe
3004	Unicorn-47322.exe
2984	Unicorn-10435.exe
2856	Unicorn-17888.exe
2980	Unicorn-9261.exe
2912	Unicorn-39398.exe
1588	Unicorn-1577.exe
2420	Unicorn-5381.exe
1292	Unicorn-3091.exe
2372	Unicorn-13038.exe
2616	Unicorn-13038.exe
2688	Unicorn-31331.exe
2568	Unicorn-4876.exe
2644	Unicorn-11310.exe
2992	Unicorn-31404.exe
2336	Unicorn-9234.exe
2492	Unicorn-12078.exe
2312	Unicorn-46837.exe
1716	Unicorn-25435.exe
1892	Unicorn-8242.exe
2732	Unicorn-33708.exe
268	Unicorn-45301.exe
2508	Unicorn-40707.exe
2832	Unicorn-9976.exe
1976	Unicorn-63858.exe
2464	Unicorn-57536.exe
2476	Unicorn-43993.exe
2000	Unicorn-29650.exe
1644	Unicorn-15809.exe
772	Unicorn-55218.exe
1528	Unicorn-36178.exe
2164	Unicorn-34139.exe
700	Unicorn-15041.exe
920	Unicorn-5690.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2412	2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe	28
PID 2320 wrote to memory of 2412	2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe	28
PID 2320 wrote to memory of 2412	2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe	28
PID 2320 wrote to memory of 2412	2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe	28
PID 2412 wrote to memory of 2100	2412	Unicorn-18337.exe	29
PID 2412 wrote to memory of 2100	2412	Unicorn-18337.exe	29
PID 2412 wrote to memory of 2100	2412	Unicorn-18337.exe	29
PID 2412 wrote to memory of 2100	2412	Unicorn-18337.exe	29
PID 2320 wrote to memory of 2848	2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe	30
PID 2320 wrote to memory of 2848	2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe	30
PID 2320 wrote to memory of 2848	2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe	30
PID 2320 wrote to memory of 2848	2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe	30
PID 2848 wrote to memory of 2700	2848	Unicorn-23938.exe	31
PID 2848 wrote to memory of 2700	2848	Unicorn-23938.exe	31
PID 2848 wrote to memory of 2700	2848	Unicorn-23938.exe	31
PID 2848 wrote to memory of 2700	2848	Unicorn-23938.exe	31
PID 2412 wrote to memory of 2740	2412	Unicorn-18337.exe	32
PID 2412 wrote to memory of 2740	2412	Unicorn-18337.exe	32
PID 2412 wrote to memory of 2740	2412	Unicorn-18337.exe	32
PID 2412 wrote to memory of 2740	2412	Unicorn-18337.exe	32
PID 2100 wrote to memory of 2648	2100	Unicorn-59071.exe	33
PID 2100 wrote to memory of 2648	2100	Unicorn-59071.exe	33
PID 2100 wrote to memory of 2648	2100	Unicorn-59071.exe	33
PID 2100 wrote to memory of 2648	2100	Unicorn-59071.exe	33
PID 2320 wrote to memory of 2516	2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe	34
PID 2320 wrote to memory of 2516	2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe	34
PID 2320 wrote to memory of 2516	2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe	34
PID 2320 wrote to memory of 2516	2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe	34
PID 2700 wrote to memory of 2532	2700	Unicorn-15834.exe	35
PID 2700 wrote to memory of 2532	2700	Unicorn-15834.exe	35
PID 2700 wrote to memory of 2532	2700	Unicorn-15834.exe	35
PID 2700 wrote to memory of 2532	2700	Unicorn-15834.exe	35
PID 2848 wrote to memory of 2756	2848	Unicorn-23938.exe	36
PID 2848 wrote to memory of 2756	2848	Unicorn-23938.exe	36
PID 2848 wrote to memory of 2756	2848	Unicorn-23938.exe	36
PID 2848 wrote to memory of 2756	2848	Unicorn-23938.exe	36
PID 2740 wrote to memory of 344	2740	Unicorn-44484.exe	37
PID 2740 wrote to memory of 344	2740	Unicorn-44484.exe	37
PID 2740 wrote to memory of 344	2740	Unicorn-44484.exe	37
PID 2740 wrote to memory of 344	2740	Unicorn-44484.exe	37
PID 2516 wrote to memory of 2812	2516	Unicorn-58219.exe	38
PID 2516 wrote to memory of 2812	2516	Unicorn-58219.exe	38
PID 2516 wrote to memory of 2812	2516	Unicorn-58219.exe	38
PID 2516 wrote to memory of 2812	2516	Unicorn-58219.exe	38
PID 2648 wrote to memory of 2836	2648	Unicorn-64349.exe	39
PID 2648 wrote to memory of 2836	2648	Unicorn-64349.exe	39
PID 2648 wrote to memory of 2836	2648	Unicorn-64349.exe	39
PID 2648 wrote to memory of 2836	2648	Unicorn-64349.exe	39
PID 2412 wrote to memory of 2804	2412	Unicorn-18337.exe	40
PID 2412 wrote to memory of 2804	2412	Unicorn-18337.exe	40
PID 2412 wrote to memory of 2804	2412	Unicorn-18337.exe	40
PID 2412 wrote to memory of 2804	2412	Unicorn-18337.exe	40
PID 2100 wrote to memory of 1988	2100	Unicorn-59071.exe	41
PID 2100 wrote to memory of 1988	2100	Unicorn-59071.exe	41
PID 2100 wrote to memory of 1988	2100	Unicorn-59071.exe	41
PID 2100 wrote to memory of 1988	2100	Unicorn-59071.exe	41
PID 2320 wrote to memory of 1712	2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe	42
PID 2320 wrote to memory of 1712	2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe	42
PID 2320 wrote to memory of 1712	2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe	42
PID 2320 wrote to memory of 1712	2320	bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe	42
PID 2532 wrote to memory of 1800	2532	Unicorn-1402.exe	43
PID 2532 wrote to memory of 1800	2532	Unicorn-1402.exe	43
PID 2532 wrote to memory of 1800	2532	Unicorn-1402.exe	43
PID 2532 wrote to memory of 1800	2532	Unicorn-1402.exe	43

C:\Users\Admin\AppData\Local\Temp\bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe
"C:\Users\Admin\AppData\Local\Temp\bff8ad695a0c7b121c66697b35304cc25742d843170b1b8304b494af683e864f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59071.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64349.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52101.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33708.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        8⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
        8⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        8⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        8⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        8⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        7⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36962.exe
        7⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        7⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe
        7⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10696.exe
        7⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25435.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6360.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        8⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8164.exe
        8⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
        8⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        8⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46404.exe
        7⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24531.exe
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50853.exe
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        7⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        6⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
        7⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24759.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        6⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37822.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29798.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45775.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28711.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56087.exe
        8⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11366.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        8⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        8⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
        8⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe
        7⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        7⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        7⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        6⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        7⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        7⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        7⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9393.exe
        6⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
        6⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37822.exe
        6⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30893.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3091.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
        6⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4737.exe
        7⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        7⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        7⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        6⤵
        
        PID:660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        6⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
        6⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
        5⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48599.exe
        6⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11366.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61948.exe
        6⤵
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        5⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        5⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9185.exe
        5⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22061.exe
        5⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54461.exe
        5⤵
        
        PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44322.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31404.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39312.exe
        7⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        7⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        7⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        7⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
        6⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36962.exe
        6⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48020.exe
        6⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48428.exe
        6⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        6⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9234.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        6⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39265.exe
        7⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6684.exe
        8⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64823.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        8⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        8⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1851.exe
        8⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22260.exe
        8⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        7⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        7⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        7⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        6⤵
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        6⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        6⤵
        
        PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54626.exe
        5⤵
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7640.exe
        6⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        6⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53599.exe
        6⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        5⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        5⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        5⤵
        
        PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62992.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55218.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        6⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35466.exe
        7⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11154.exe
        7⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8731.exe
        7⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
        6⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
        6⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33641.exe
        6⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40890.exe
        5⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62703.exe
        6⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32985.exe
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        6⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21198.exe
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        5⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10334.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34774.exe
        5⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52995.exe
        5⤵
        
        PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
        5⤵
        
        PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36178.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-977.exe
        5⤵
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45628.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        5⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        5⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65475.exe
        5⤵
        
        PID:7744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
      4⤵
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55802.exe
        5⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16548.exe
        5⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
        5⤵
        
        PID:7216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
      4⤵
      PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
      4⤵
      PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
      4⤵
      PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
      4⤵
      PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
      4⤵
      PID:6848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44484.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        7⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        8⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        8⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64314.exe
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        7⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17708.exe
        7⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
        7⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        7⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23775.exe
        6⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        7⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44197.exe
        7⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        7⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        6⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        6⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        6⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43641.exe
        6⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        7⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
        7⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14596.exe
        7⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35936.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31627.exe
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        6⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18612.exe
        6⤵
        
        PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
        5⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        6⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        6⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        6⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        6⤵
        
        PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
        5⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        5⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29176.exe
        5⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
        5⤵
        
        PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6667.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
        6⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        7⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65214.exe
        7⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12469.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        6⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        6⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        6⤵
        
        PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44874.exe
        5⤵
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26190.exe
        6⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        6⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe
        6⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        6⤵
        
        PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
        5⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        5⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37822.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15242.exe
        5⤵
        
        PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4737.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        5⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        5⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        5⤵
        
        PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21100.exe
      4⤵
      PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe
      4⤵
      PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
      4⤵
      PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
      4⤵
      PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2804
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13038.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46547.exe
        5⤵
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42265.exe
        6⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10165.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        6⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        6⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27661.exe
        6⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        6⤵
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        5⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
        5⤵
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        5⤵
        
        PID:7516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31865.exe
      4⤵
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31732.exe
        5⤵
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        6⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        6⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        6⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44113.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42154.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        5⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22887.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe
        5⤵
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17869.exe
        5⤵
        
        PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
      4⤵
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
      4⤵
      PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34774.exe
      4⤵
      PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
      4⤵
      PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12460.exe
      4⤵
      PID:6640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4876.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
      4⤵
      PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
      4⤵
      PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
      4⤵
      PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
      4⤵
      PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
      4⤵
      PID:7180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23306.exe
    3⤵
    PID:1704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
    3⤵
    PID:4784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51860.exe
    3⤵
    PID:6356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
    3⤵
    PID:7712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1402.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47322.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34139.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        8⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        8⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32227.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        7⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        7⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15041.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17570.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49058.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4737.exe
        8⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        8⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        8⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        8⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
        7⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24139.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39850.exe
        7⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        7⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        7⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
        6⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
        7⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20822.exe
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
        7⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
        6⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        6⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        6⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        6⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56087.exe
        7⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
        7⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
        7⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        7⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
        6⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        6⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        6⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
        6⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
        6⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
        5⤵
        Executes dropped EXE
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
        6⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        6⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19695.exe
        6⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31268.exe
        5⤵
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe
        5⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29176.exe
        5⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
        5⤵
        
        PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
        6⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4737.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        7⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45823.exe
        7⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64771.exe
        6⤵
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57942.exe
        6⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
        6⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33641.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        6⤵
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
        5⤵
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4737.exe
        7⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        7⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        7⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        7⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
        6⤵
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        6⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        6⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
        5⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63974.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        5⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        5⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29752.exe
        5⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
        5⤵
        
        PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21944.exe
        5⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        7⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41029.exe
        7⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
        7⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9322.exe
        6⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        6⤵
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        6⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        6⤵
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        5⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
        6⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65214.exe
        6⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        5⤵
        
        PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        5⤵
        
        PID:7356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
      4⤵
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        5⤵
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45628.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        5⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        5⤵
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
      4⤵
      PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
      4⤵
      PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
      4⤵
      PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9185.exe
      4⤵
      PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
      4⤵
      PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16660.exe
      4⤵
      PID:7056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        6⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        7⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        7⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48953.exe
        6⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
        6⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        6⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32227.exe
        6⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        5⤵
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16437.exe
        6⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51086.exe
        6⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
        6⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
        6⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        6⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52102.exe
        5⤵
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61288.exe
        6⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        6⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63974.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13650.exe
        5⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
        5⤵
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        5⤵
        
        PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1577.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57351.exe
        5⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53146.exe
        6⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24017.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36097.exe
        7⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        7⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2973.exe
        6⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        6⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        6⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        5⤵
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        6⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        6⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        6⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32227.exe
        5⤵
        
        PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55061.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
        5⤵
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45628.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
        5⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        5⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
        5⤵
        
        PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27023.exe
      4⤵
      PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe
      4⤵
      PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
      4⤵
      PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
      4⤵
      PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
      4⤵
      PID:7016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13038.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        5⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        6⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        7⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        7⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        7⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9322.exe
        6⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31819.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        6⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        6⤵
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
        5⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
        6⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        6⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52785.exe
        6⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
        5⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        5⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        5⤵
        
        PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28819.exe
      4⤵
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        5⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
        5⤵
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        5⤵
        
        PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31837.exe
      4⤵
      PID:684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63974.exe
      4⤵
      PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
      4⤵
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
      4⤵
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46387.exe
      4⤵
      PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5361.exe
      4⤵
      PID:6944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51731.exe
      4⤵
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2029.exe
        5⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
        5⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
        5⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57357.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
      4⤵
      PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
      4⤵
      PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52995.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
      4⤵
      PID:8188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17357.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17357.exe
    3⤵
    PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
      4⤵
      PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45628.exe
      4⤵
      PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
      4⤵
      PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
      4⤵
      PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
      4⤵
      PID:7488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62554.exe
    3⤵
    PID:1272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
    3⤵
    PID:3416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12488.exe
    3⤵
    PID:4376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
    3⤵
    PID:5804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51860.exe
    3⤵
    PID:6368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
    3⤵
    PID:7680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44322.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        6⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36745.exe
        7⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        7⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
        7⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14788.exe
        7⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9322.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        6⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        6⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
        6⤵
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
        6⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16660.exe
        6⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        6⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
        6⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
        5⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        5⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
        5⤵
        
        PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        5⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
        6⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        6⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        6⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17708.exe
        5⤵
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
        5⤵
        
        PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        5⤵
        
        PID:7404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
      4⤵
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe
        5⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49985.exe
        5⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
      4⤵
      PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
      4⤵
      PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
      4⤵
      PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37822.exe
      4⤵
      PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
      4⤵
      PID:7976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64524.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29650.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14578.exe
        5⤵
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        5⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        5⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        5⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        5⤵
        
        PID:7508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
      4⤵
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
        5⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        5⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10516.exe
        5⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25042.exe
        5⤵
        
        PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
      4⤵
      PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
      4⤵
      PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
      4⤵
      PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
      4⤵
      PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
      4⤵
      PID:7208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57536.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
      4⤵
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17518.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        5⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52785.exe
        5⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14596.exe
        5⤵
        
        PID:7308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
      4⤵
      PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
      4⤵
      PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
      4⤵
      PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32227.exe
      4⤵
      PID:7164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49977.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
      4⤵
      PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
      4⤵
      PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
      4⤵
      PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
      4⤵
      PID:7736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
    3⤵
    PID:3728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
    3⤵
    PID:4484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe
    3⤵
    PID:4888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
    3⤵
    PID:4368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
    3⤵
    PID:8004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26533.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46837.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        5⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
        6⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14820.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
        6⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
        6⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1851.exe
        6⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        6⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49066.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34243.exe
        5⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2674.exe
        5⤵
        
        PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
      4⤵
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        5⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7558.exe
        5⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62741.exe
        5⤵
        
        PID:8152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
      4⤵
      PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
      4⤵
      PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
      4⤵
      PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
      4⤵
      PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
      4⤵
      PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
      4⤵
      PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
      4⤵
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38103.exe
      4⤵
      PID:7776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
    3⤵
    PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
    3⤵
    PID:3508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48020.exe
    3⤵
    PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
    3⤵
    PID:6664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
    3⤵
    PID:7728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
      4⤵
      PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45628.exe
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
      4⤵
      PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
      4⤵
      PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
      4⤵
      PID:7340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64314.exe
    3⤵
    PID:1656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58109.exe
    3⤵
    PID:3476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30934.exe
    3⤵
    PID:4132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
    3⤵
    PID:5652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
    3⤵
    PID:6752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8242.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8242.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4386.exe
    3⤵
    PID:2168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
    3⤵
    PID:4704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
    3⤵
    PID:5240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7017.exe
    3⤵
    PID:7688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42079.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42079.exe
  2⤵
  PID:2924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34308.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34308.exe
  2⤵
  PID:3408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7153.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7153.exe
  2⤵
  PID:4384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8050.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8050.exe
  2⤵
  PID:5948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe
  2⤵
  PID:5624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe

Filesize
468KB

MD5
6a02575a899bcc4aaa233f9a5e7b944c

SHA1
cd4ad9faebee56707e5c796b713d92f9be9fe560

SHA256
3eedfba2f3c68f28c0d42088ea200ecac868000fe3af06a1ac27932943328f96

SHA512
8f9005ca18cdffbaf68830f96e5bc9b95ea8d4169d9a510c2bcdf5df56c8c8a59cca225c7905db1f491bf71d4d3bd2392944b729d46a34398af84859ddf90891

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe

Filesize
468KB

MD5
d03563e357b3d3ace54bc922cf9b880e

SHA1
7f130282a6a9cdd4d81fe0f739511325e2ecac45

SHA256
e1a77521a52fbf8f6bc7dcec715ad3ed51104c061287150f8d79560cc8f59749

SHA512
bb0fbd9bf92b3f41d2851039d1fce70ea70d1856e909951cd944079dda30eebbb74c23ccb8c4735f4644ad578fc9989d13cc70e7107834e92cf8a8982335fb1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe

Filesize
468KB

MD5
3b05be01bddad11951b567c044a6b0dc

SHA1
5026464797cac44e8534b894f11bfe7fa3e5ee47

SHA256
f517d86522d065d2b27f8f58a7f8de2afb7fe943b03412de67d6a4cf85cf4855

SHA512
d6ebba99dd17c37848a9ff6456371b7e0473b8dfc8dd69764c3b11a7cb5907b8e7035291beaebf0e07d0dc0b86951a480360276ef2e7af52aa4c5a2f7aa43c36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39265.exe

Filesize
468KB

MD5
dd269dd58e030523c69e8e81f7515cdb

SHA1
dae859aeb57ec64c3c044b8082969eb0499928f1

SHA256
3e44821c35a18ac84bea0e727ef360e27fd0b584b4166648039878f3b5b89d18

SHA512
c18ed3b0fcf225fd41c77cfd86c7390b35e62ae8b4e1ab71d5ef6486b3b930b5e060403af5d5fdbcfc2621b95d957bfed887c03951ea6a7109a9e740bd545eb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe

Filesize
468KB

MD5
fe8f2d6793394cac6e8121ea2b9520a4

SHA1
c108c7ab032ae29cf6dc75e5f39c45e4de08f696

SHA256
cab16aa370129dd7f9b435c6ea9e9a377243b7c1233a96ca04bdd6ef8e6e78ab

SHA512
075b2676fa333428a79c19b4cb7ea12184c8f235f00bdafe7cc2f8a5a08b3a93c72a0a9794a532045451bf35118043728ced69daf053a114a433f72673cd09c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe

Filesize
468KB

MD5
7b084a931bf0d527d2aaecdefe7445aa

SHA1
f78063a62349582cf81f83ec4cb3ee9b6827933f

SHA256
a5fa19a80af909366a92baa1765cb49d5c6f5f5fc8e236b84374dda75cd479da

SHA512
eb8fe358c1ad1bb13b6acf9c85d054e5fa8dfb47b0c66a3c9f554a177790fd7c700684a7a33bb84bcb5f0810b8d4935df676f952caf00ef287e8b6b74085e43d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8164.exe

Filesize
468KB

MD5
05346927f5a09d591253b07cd0a88660

SHA1
43ac09b014e4a8a3ef03c4b03a6fc4aa1ee33855

SHA256
7dea65d5af6ef34f32da546f925f98a7662444180caf6a3329c4926237271761

SHA512
24323ee44c0f7181503556f0d902c132636a82b94aa2183854dc67a2d57ad8f10030f64ab9d8b51c1d6e967bb9ac351d9fcdc969a16ab33152aa18afc38207a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe

Filesize
468KB

MD5
b6c39defdd7d3e31ab330e15d4844db9

SHA1
bcb70fda002438c642c06f39b87dca47f46cf381

SHA256
3d4198a2efb95f6bda2392c6a38dc3bb65ad737783ffb4f0b809a1b71b726fc8

SHA512
d909ba2cb3b048c7b7034c0c99d184ef31deb60f4cb4b4d0c12d80f4f8a7d62a9c977b5c27168e03a4ad3d0be4d0d7c445b5e3b0e106cfe0c43a3a229058162d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe

Filesize
468KB

MD5
2e3c16f211bfcc1ecfc562d42db76848

SHA1
71eeda43b124ab225bec4d8172f324885569aa06

SHA256
48d9fa0179eb36e41bca675f136c93e216adb76da96c9ac8c2dd60d6a0ef7623

SHA512
c2e2da92effad4333b65bd5d67d48d12ccf874770901744dfe45269932a8ce5dd831e288181759716bec80d316480b94abb28cc93f72210fd5e6ba57b4a3486a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1402.exe

Filesize
468KB

MD5
0703ebb375d9e5d192cc4387fceddb01

SHA1
67766fd0544745318330e56488e44ee5b1d3a2f1

SHA256
cf0c98bbe8b6ef2a1b27ed69a77e2429461bcd5c78f5a87843979dc06ef728e3

SHA512
f965b75c7f02994d1dd5ae7e13d71e0a16993d6833745db9abc55e0b118779462f420425fcf3e965d40600a3998faa062fb4498a62c34de21573f8417aa74b9d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe

Filesize
468KB

MD5
4ed0ddbcceb714d7f9697e5a73054b6b

SHA1
62583dc2a2c09363cf9b52f61f55d591ed864bc3

SHA256
2524d383c465b7a0c4231179764b19719f9d0f469d988aa8f8dad69d183b40ea

SHA512
1d63112a605f0e303a0119ef3ea6942ec01734631fb271dc06e7d912fd1ad19910f4ca5b982ce1daa5e380a3a9ba2199f74ff451e0447fb61fc89f4445b858d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe

Filesize
468KB

MD5
ad1efc5e18aff20a571fe49109a90565

SHA1
eaaa04751c684a77309f3e17fe7d579cd6214043

SHA256
6bc8a498783fddd5aed123659b8502ead8cb095c95dab5951714326b5d3c4303

SHA512
d481f5c556f8ac98abd94ac774f7cf22a63d762fd738fa08031ca381fb20236db33aa1e76d730ff42410a16bcecdb38862db1210aeaddb3b7745746136ff8f67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe

Filesize
468KB

MD5
7fac79b06bca745ede85404857624ad0

SHA1
3eafa1e0104bca6502da4a4dc22cfe96f19ab4e8

SHA256
f447bcfa1709376e37ee4356547ab076e06689fbe1be3f8506103e06a7d05e48

SHA512
0c6fa0521d4963cff33f58771f20d380aa1a3100ee3d151036a57effadb17fc6763f4d949f5b4129f3962f79b2b8f3a44d92b2b99f52332916a0299dafb830fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe

Filesize
468KB

MD5
1b325dff1f394bf583c16a934a966c55

SHA1
f4e4552e2f1ca49a75326c26e5f8b6ba6ca1f387

SHA256
8c29ab3c93c3d6e8dc9fca67732dfde30a5bf8d04ffd3d05a39384757a0e4065

SHA512
37b98ba7df807d6d7ffc81337514b0ccf8e97c595a8fb6ca1004a253bc33461d4de80b4f31bb7fd35deeac35d8b154820b44bc45919f2d5ade818b2b60dee709

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe

Filesize
468KB

MD5
18ebdff214b99b9335d0458fff4ba3f6

SHA1
a8da711c898c7f124e417bc9510c921eefd7e103

SHA256
d2c50d231e5f6a195d11e054af95fe2a5ad64371d0dbd82f5161bfa8ced668f0

SHA512
0cae8b61fc48213750224141926c4488e37c832b81f51150f9d1fe786c630edfa9962895e4aba16ee4a75ee08668920c665b581b74c205d3fa3ea5a2c684f6f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44484.exe

Filesize
468KB

MD5
b35a5b9d062d921b20e3aa7f26292d38

SHA1
d7925fafdcaa58509b56d95ff1a9747f23b528b7

SHA256
43ec25c9da45de784a69c01787d3327b605fbd864121924ffabb76925c50a6d5

SHA512
bd91053d2c47755f5419d6df93288c5d386c945721c449762867569f7733301439dab509892914e34e17b591c9e1b8430aeffe7638427f8d6ca7cc1639ed06bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe

Filesize
468KB

MD5
d6afaefa243cfe9982aa1220829f57a0

SHA1
7ffd2888f887e0fa94cfa7a5f435b9247cd3d54d

SHA256
8fa789e0f2870b66672b89d85a539475047f55954d10a8d64ccc5a01c3f84dae

SHA512
d5d077df316a70925634a3bf347e2ea9266e172cfda857802765d6d7bb51da009a8145f14e3b5c814459824beaf53dd6f00d18e8a1b08e295ce9e4b9c1a7e1fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe

Filesize
468KB

MD5
25bf46d3c80a3db09c7952162b381e08

SHA1
77f2a56968b1d77013a1ca21691a3ab4b8db1906

SHA256
595a7999e12520112cb3bc34389a259a1a5e4769e4308b9b53c0c05b8a6d4ba6

SHA512
ec8811442cedcd9850bfa82e6bd4222fe3dc85785f1e099a33485f731c633733d54d6c6e139b4c4492e2df19338bda7288e37c48343f8227f0b27749f7e0c749

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59071.exe

Filesize
468KB

MD5
329b8398283ce2f3b407f94bc5938bb5

SHA1
73b85b058dc605cfc25f9cb9cae397ed83ce20f8

SHA256
d05a1b15a74fdc95470caa65f45e4b8aaf3fa607fd783c0d00752ca0b83b5204

SHA512
55b1eef57d7e1174531ca5f5bee500177330b49061c3393d7ed2e5e35b675df1f3314e5f69f57e9ddacb423278dc366831540579c4ce15c5d893d8a0de1f3616

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64349.exe

Filesize
468KB

MD5
1e6146678d7b3ef49ce64e67cb9da77d

SHA1
bbe299fc72a5c2e6fbc8f5c880c0b4dc202e5b8a

SHA256
bc4f2db34935fcf49bd28fd6597b3dab3fd11fe2d5b500cc40a958036949bbbe

SHA512
28614a2865bc5ef93ef51c08b580bd6804b3b3899cf9fc5c401b1679090e0859d8562b2f10d45c045922a38826e3608d43116768b93afd227f936e5ff1396789

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe

Filesize
468KB

MD5
5542617477071a47e3b98ff6faa0409b

SHA1
67bf9f2fbf51847a5197bb202983f3f9809440c3

SHA256
36be6ec7287ec44003dd15f07bb92e3a54f0f5c557a8fe1b1dc1582df6e18b02

SHA512
2af6e7a12d32d55abaa28b8c8b4bbe2d85a4fd116d0e6c1c34354afc55bfb69f56b40e79fd684d737a80c965ab8421c30d7a8b69961f30e815934b80c47ab140

Download Submit