3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe
Size

468KB
MD5

3552f2ebc548ee7471ebbc2a1d402405
SHA1

b233aaaacd796d534c5d9bbe91332b343ac910ab
SHA256

3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946
SHA512

9bfff216da7f298a0e402d912d252c3e30710a89ad7261b5d616ef657f732d6675293cc0598876bb3f4240d583abe9e5c383dcf08470ec751c95317d7cc10a06
SSDEEP

3072:KqtnoweNjj8UjbYYfz5jYf5EChSvmpLnmHeJFsYn1psXLfcPNUflW:KqJoVQUjzf1jYfgmdB1ps7EPNU

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1932	Unicorn-2452.exe
2812	Unicorn-3054.exe
2752	Unicorn-57730.exe
1836	Unicorn-52660.exe
2500	Unicorn-26018.exe
3000	Unicorn-43100.exe
2196	Unicorn-22025.exe
2216	Unicorn-54881.exe
2188	Unicorn-49982.exe
2828	Unicorn-22785.exe
2564	Unicorn-8949.exe
1848	Unicorn-32899.exe
2904	Unicorn-38664.exe
1960	Unicorn-36983.exe
2592	Unicorn-32798.exe
2148	Unicorn-57678.exe
2092	Unicorn-7086.exe
800	Unicorn-63900.exe
1764	Unicorn-59624.exe
2856	Unicorn-53494.exe
540	Unicorn-41704.exe
1716	Unicorn-32982.exe
2460	Unicorn-6239.exe
1808	Unicorn-49894.exe
376	Unicorn-22987.exe
1148	Unicorn-58062.exe
1680	Unicorn-27336.exe
1564	Unicorn-27890.exe
1676	Unicorn-47756.exe
2420	Unicorn-27890.exe
2652	Unicorn-12183.exe
2672	Unicorn-3599.exe
2552	Unicorn-38772.exe
2624	Unicorn-52416.exe
940	Unicorn-9437.exe
1820	Unicorn-35815.exe
2600	Unicorn-43432.exe
2220	Unicorn-11082.exe
108	Unicorn-1845.exe
2692	Unicorn-23335.exe
2888	Unicorn-50340.exe
2696	Unicorn-14974.exe
1548	Unicorn-8844.exe
528	Unicorn-27227.exe
760	Unicorn-21096.exe
1884	Unicorn-8523.exe
600	Unicorn-64715.exe
2180	Unicorn-53647.exe
1524	Unicorn-21636.exe
924	Unicorn-3262.exe
888	Unicorn-42157.exe
1812	Unicorn-36489.exe
1064	Unicorn-40573.exe
2968	Unicorn-13376.exe
1692	Unicorn-13376.exe
1560	Unicorn-28321.exe
2684	Unicorn-58036.exe
2848	Unicorn-30267.exe
2568	Unicorn-50133.exe
1220	Unicorn-28242.exe
2192	Unicorn-58877.exe
2292	Unicorn-30843.exe
2876	Unicorn-40403.exe
544	Unicorn-17744.exe

Loads dropped DLL 64 IoCs

pid	Process
2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe
2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe
1932	Unicorn-2452.exe
2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe
1932	Unicorn-2452.exe
2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe
2752	Unicorn-57730.exe
2752	Unicorn-57730.exe
2812	Unicorn-3054.exe
2812	Unicorn-3054.exe
1932	Unicorn-2452.exe
2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe
1932	Unicorn-2452.exe
2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe
1836	Unicorn-52660.exe
1836	Unicorn-52660.exe
2752	Unicorn-57730.exe
2752	Unicorn-57730.exe
2500	Unicorn-26018.exe
2500	Unicorn-26018.exe
2812	Unicorn-3054.exe
2812	Unicorn-3054.exe
2196	Unicorn-22025.exe
2196	Unicorn-22025.exe
1932	Unicorn-2452.exe
2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe
2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe
3000	Unicorn-43100.exe
3000	Unicorn-43100.exe
1932	Unicorn-2452.exe
2216	Unicorn-54881.exe
2216	Unicorn-54881.exe
1836	Unicorn-52660.exe
1836	Unicorn-52660.exe
2188	Unicorn-49982.exe
2188	Unicorn-49982.exe
2828	Unicorn-22785.exe
2828	Unicorn-22785.exe
2752	Unicorn-57730.exe
2752	Unicorn-57730.exe
2500	Unicorn-26018.exe
2500	Unicorn-26018.exe
2564	Unicorn-8949.exe
2564	Unicorn-8949.exe
2812	Unicorn-3054.exe
2812	Unicorn-3054.exe
2592	Unicorn-32798.exe
2592	Unicorn-32798.exe
1932	Unicorn-2452.exe
1932	Unicorn-2452.exe
1960	Unicorn-36983.exe
1960	Unicorn-36983.exe
1848	Unicorn-32899.exe
1848	Unicorn-32899.exe
2196	Unicorn-22025.exe
3000	Unicorn-43100.exe
2904	Unicorn-38664.exe
2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe
3000	Unicorn-43100.exe
2196	Unicorn-22025.exe
2904	Unicorn-38664.exe
2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe
2148	Unicorn-57678.exe
2148	Unicorn-57678.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5943.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18337.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe
1932	Unicorn-2452.exe
2752	Unicorn-57730.exe
2812	Unicorn-3054.exe
1836	Unicorn-52660.exe
2500	Unicorn-26018.exe
2196	Unicorn-22025.exe
3000	Unicorn-43100.exe
2216	Unicorn-54881.exe
2188	Unicorn-49982.exe
2828	Unicorn-22785.exe
2564	Unicorn-8949.exe
2904	Unicorn-38664.exe
1960	Unicorn-36983.exe
2592	Unicorn-32798.exe
1848	Unicorn-32899.exe
2148	Unicorn-57678.exe
2092	Unicorn-7086.exe
800	Unicorn-63900.exe
1764	Unicorn-59624.exe
2856	Unicorn-53494.exe
540	Unicorn-41704.exe
1716	Unicorn-32982.exe
2460	Unicorn-6239.exe
1808	Unicorn-49894.exe
1680	Unicorn-27336.exe
376	Unicorn-22987.exe
1148	Unicorn-58062.exe
1676	Unicorn-47756.exe
2420	Unicorn-27890.exe
1564	Unicorn-27890.exe
2652	Unicorn-12183.exe
2672	Unicorn-3599.exe
2552	Unicorn-38772.exe
2624	Unicorn-52416.exe
940	Unicorn-9437.exe
1820	Unicorn-35815.exe
2220	Unicorn-11082.exe
2600	Unicorn-43432.exe
108	Unicorn-1845.exe
2692	Unicorn-23335.exe
2888	Unicorn-50340.exe
528	Unicorn-27227.exe
1548	Unicorn-8844.exe
2696	Unicorn-14974.exe
760	Unicorn-21096.exe
1884	Unicorn-8523.exe
600	Unicorn-64715.exe
1064	Unicorn-40573.exe
924	Unicorn-3262.exe
888	Unicorn-42157.exe
1812	Unicorn-36489.exe
2968	Unicorn-13376.exe
2180	Unicorn-53647.exe
1524	Unicorn-21636.exe
1692	Unicorn-13376.exe
2568	Unicorn-50133.exe
1560	Unicorn-28321.exe
1220	Unicorn-28242.exe
2848	Unicorn-30267.exe
2684	Unicorn-58036.exe
2192	Unicorn-58877.exe
544	Unicorn-17744.exe
2876	Unicorn-40403.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 1932	2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe	30
PID 2596 wrote to memory of 1932	2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe	30
PID 2596 wrote to memory of 1932	2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe	30
PID 2596 wrote to memory of 1932	2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe	30
PID 2596 wrote to memory of 2812	2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe	32
PID 2596 wrote to memory of 2812	2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe	32
PID 2596 wrote to memory of 2812	2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe	32
PID 2596 wrote to memory of 2812	2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe	32
PID 1932 wrote to memory of 2752	1932	Unicorn-2452.exe	31
PID 1932 wrote to memory of 2752	1932	Unicorn-2452.exe	31
PID 1932 wrote to memory of 2752	1932	Unicorn-2452.exe	31
PID 1932 wrote to memory of 2752	1932	Unicorn-2452.exe	31
PID 2752 wrote to memory of 1836	2752	Unicorn-57730.exe	33
PID 2752 wrote to memory of 1836	2752	Unicorn-57730.exe	33
PID 2752 wrote to memory of 1836	2752	Unicorn-57730.exe	33
PID 2752 wrote to memory of 1836	2752	Unicorn-57730.exe	33
PID 2812 wrote to memory of 2500	2812	Unicorn-3054.exe	34
PID 2812 wrote to memory of 2500	2812	Unicorn-3054.exe	34
PID 2812 wrote to memory of 2500	2812	Unicorn-3054.exe	34
PID 2812 wrote to memory of 2500	2812	Unicorn-3054.exe	34
PID 1932 wrote to memory of 3000	1932	Unicorn-2452.exe	35
PID 1932 wrote to memory of 3000	1932	Unicorn-2452.exe	35
PID 1932 wrote to memory of 3000	1932	Unicorn-2452.exe	35
PID 1932 wrote to memory of 3000	1932	Unicorn-2452.exe	35
PID 2596 wrote to memory of 2196	2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe	36
PID 2596 wrote to memory of 2196	2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe	36
PID 2596 wrote to memory of 2196	2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe	36
PID 2596 wrote to memory of 2196	2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe	36
PID 1836 wrote to memory of 2216	1836	Unicorn-52660.exe	37
PID 1836 wrote to memory of 2216	1836	Unicorn-52660.exe	37
PID 1836 wrote to memory of 2216	1836	Unicorn-52660.exe	37
PID 1836 wrote to memory of 2216	1836	Unicorn-52660.exe	37
PID 2752 wrote to memory of 2188	2752	Unicorn-57730.exe	38
PID 2752 wrote to memory of 2188	2752	Unicorn-57730.exe	38
PID 2752 wrote to memory of 2188	2752	Unicorn-57730.exe	38
PID 2752 wrote to memory of 2188	2752	Unicorn-57730.exe	38
PID 2500 wrote to memory of 2828	2500	Unicorn-26018.exe	39
PID 2500 wrote to memory of 2828	2500	Unicorn-26018.exe	39
PID 2500 wrote to memory of 2828	2500	Unicorn-26018.exe	39
PID 2500 wrote to memory of 2828	2500	Unicorn-26018.exe	39
PID 2812 wrote to memory of 2564	2812	Unicorn-3054.exe	40
PID 2812 wrote to memory of 2564	2812	Unicorn-3054.exe	40
PID 2812 wrote to memory of 2564	2812	Unicorn-3054.exe	40
PID 2812 wrote to memory of 2564	2812	Unicorn-3054.exe	40
PID 2196 wrote to memory of 1848	2196	Unicorn-22025.exe	41
PID 2196 wrote to memory of 1848	2196	Unicorn-22025.exe	41
PID 2196 wrote to memory of 1848	2196	Unicorn-22025.exe	41
PID 2196 wrote to memory of 1848	2196	Unicorn-22025.exe	41
PID 2596 wrote to memory of 2904	2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe	43
PID 2596 wrote to memory of 2904	2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe	43
PID 2596 wrote to memory of 2904	2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe	43
PID 2596 wrote to memory of 2904	2596	3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe	43
PID 3000 wrote to memory of 1960	3000	Unicorn-43100.exe	44
PID 3000 wrote to memory of 1960	3000	Unicorn-43100.exe	44
PID 3000 wrote to memory of 1960	3000	Unicorn-43100.exe	44
PID 3000 wrote to memory of 1960	3000	Unicorn-43100.exe	44
PID 1932 wrote to memory of 2592	1932	Unicorn-2452.exe	42
PID 1932 wrote to memory of 2592	1932	Unicorn-2452.exe	42
PID 1932 wrote to memory of 2592	1932	Unicorn-2452.exe	42
PID 1932 wrote to memory of 2592	1932	Unicorn-2452.exe	42
PID 2216 wrote to memory of 2148	2216	Unicorn-54881.exe	45
PID 2216 wrote to memory of 2148	2216	Unicorn-54881.exe	45
PID 2216 wrote to memory of 2148	2216	Unicorn-54881.exe	45
PID 2216 wrote to memory of 2148	2216	Unicorn-54881.exe	45

C:\Users\Admin\AppData\Local\Temp\3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe
"C:\Users\Admin\AppData\Local\Temp\3e6cd629266925d9b2980e77fe8c4b03218887d80fbef6f96c030a4677f25946.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57730.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58877.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        9⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
        9⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        9⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
        8⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        8⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        7⤵
        Executes dropped EXE
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
        8⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        8⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        8⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42856.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        7⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        7⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28877.exe
        7⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38772.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40403.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        8⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        8⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        8⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47019.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24184.exe
        7⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        7⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18608.exe
        7⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34590.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
        7⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43317.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        7⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
        7⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        6⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
        6⤵
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43350.exe
        6⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
        6⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27742.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        6⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3485.exe
        7⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44383.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        7⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        7⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13499.exe
        6⤵
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
        6⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        6⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        6⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        6⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        6⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        6⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        6⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
        5⤵
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44244.exe
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43350.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62279.exe
        5⤵
        
        PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49982.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9437.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
        7⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        8⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        8⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47211.exe
        7⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        7⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        7⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7107.exe
        6⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        7⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
        7⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        6⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        6⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        6⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        6⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        6⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        7⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        7⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        7⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        7⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53973.exe
        6⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        6⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        6⤵
        
        PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
        5⤵
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        6⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        6⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        6⤵
        
        PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
        5⤵
        
        PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
        5⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        5⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        6⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        7⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        7⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        7⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53625.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44343.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38536.exe
        6⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        6⤵
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30651.exe
        5⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9707.exe
        6⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        6⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        6⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        6⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
        5⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        5⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        5⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        5⤵
        
        PID:7936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35815.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6168.exe
        5⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60662.exe
        6⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
        6⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9846.exe
        6⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        6⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        5⤵
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        5⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
        5⤵
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        5⤵
        
        PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
      4⤵
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        5⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        5⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        5⤵
        
        PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
      4⤵
      PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
      4⤵
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23342.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28736.exe
      4⤵
      PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe
      4⤵
      PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe
      4⤵
      PID:7948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36983.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42157.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3682.exe
        7⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        8⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        8⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        8⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        8⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8311.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        7⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        7⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        7⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        7⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
        6⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        7⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        7⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
        7⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
        7⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20288.exe
        6⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21819.exe
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
        6⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
        6⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40573.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
        6⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        7⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        7⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        6⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21513.exe
        6⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        6⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
        6⤵
        
        PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13058.exe
        5⤵
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
        6⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        6⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        6⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
        6⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        5⤵
        
        PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        5⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        5⤵
        
        PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27890.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50792.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
        7⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5943.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        6⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        6⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        6⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        6⤵
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27034.exe
        5⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
        6⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        6⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        6⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        6⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
        5⤵
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        5⤵
        
        PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        5⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        5⤵
        
        PID:7764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28242.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
        5⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38976.exe
        6⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        6⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        6⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19151.exe
        6⤵
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        5⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        5⤵
        
        PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46635.exe
      4⤵
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51228.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        5⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        5⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21481.exe
        5⤵
        
        PID:7172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
      4⤵
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
      4⤵
      PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8539.exe
      4⤵
      PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
      4⤵
      PID:6236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
      4⤵
      PID:7548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32798.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13376.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        6⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53338.exe
        7⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
        7⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14175.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        6⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        6⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        6⤵
        
        PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        5⤵
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
        6⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        6⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        6⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe
        6⤵
        
        PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        5⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        5⤵
        
        PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28321.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        5⤵
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe
        6⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29637.exe
        6⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        6⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15918.exe
        6⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47044.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
        5⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        5⤵
        
        PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
      4⤵
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        5⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        5⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        5⤵
        
        PID:7492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39038.exe
      4⤵
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
      4⤵
      PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
      4⤵
      PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
      4⤵
      PID:7116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
      4⤵
      PID:4356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        5⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        6⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49238.exe
        6⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        6⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        6⤵
        
        PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        5⤵
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
        5⤵
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        5⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        5⤵
        
        PID:7268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
      4⤵
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        5⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        5⤵
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        5⤵
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        5⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
      4⤵
      PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe
      4⤵
      PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
      4⤵
      PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
      4⤵
      PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
      4⤵
      PID:7780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53647.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
      4⤵
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
        5⤵
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
        5⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        5⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        5⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        5⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
        5⤵
        
        PID:8136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
      4⤵
      PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23992.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
      4⤵
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
      4⤵
      PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
      4⤵
      PID:7060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
      4⤵
      PID:8072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45227.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
    3⤵
    PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
    3⤵
    PID:4416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
    3⤵
    PID:5392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe
    3⤵
    PID:7108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
    3⤵
    PID:6360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3054.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3054.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26018.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11082.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
        7⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        8⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        8⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        7⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        7⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        7⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        7⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7107.exe
        6⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33308.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        7⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31204.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
        6⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52909.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        6⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        6⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        6⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        6⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32518.exe
        5⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
        6⤵
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        6⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
        6⤵
        
        PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
        5⤵
        
        PID:704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48539.exe
        5⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe
        5⤵
        
        PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23335.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        6⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
        7⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55151.exe
        7⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        7⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        7⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
        6⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        6⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        6⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
        6⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
        5⤵
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        6⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        6⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        6⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
        6⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-549.exe
        5⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        5⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        5⤵
        
        PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        5⤵
        
        PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        5⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        6⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        6⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        6⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        6⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        6⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61238.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        5⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        5⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        5⤵
        
        PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
      4⤵
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7865.exe
        5⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20832.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
        5⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60810.exe
        5⤵
        
        PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
        5⤵
        
        PID:7360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
      4⤵
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38860.exe
      4⤵
      PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8539.exe
      4⤵
      PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29418.exe
      4⤵
      PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54142.exe
      4⤵
      PID:7368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8254.exe
        6⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        6⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        6⤵
        
        PID:300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        6⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        6⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        5⤵
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55020.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
        5⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
        5⤵
        
        PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50340.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        5⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
        5⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        5⤵
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
        5⤵
        
        PID:7220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55217.exe
      4⤵
      PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
      4⤵
      PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
      4⤵
      PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59603.exe
      4⤵
      PID:7560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13376.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46900.exe
        5⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        6⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        6⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        6⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51454.exe
        6⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        5⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        5⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        5⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        5⤵
        
        PID:7308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27034.exe
      4⤵
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12146.exe
        5⤵
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        5⤵
        
        PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        5⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        5⤵
        
        PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
      4⤵
      PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12068.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
      4⤵
      PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
      4⤵
      PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
      4⤵
      PID:6308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58036.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53070.exe
      4⤵
      PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
      4⤵
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63589.exe
      4⤵
      PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30266.exe
      4⤵
      PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
      4⤵
      PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
      4⤵
      PID:7404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45702.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45702.exe
    3⤵
    PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46950.exe
    3⤵
    PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
    3⤵
    PID:612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
    3⤵
    PID:5364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
    3⤵
    PID:6320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
    3⤵
    PID:7756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32899.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3682.exe
        6⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        7⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        7⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20848.exe
        6⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11591.exe
        6⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
        6⤵
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        5⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52681.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        6⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        6⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        6⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14190.exe
        6⤵
        
        PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64061.exe
        5⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        5⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
        5⤵
        
        PID:7740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36489.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        5⤵
        
        PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        5⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
        5⤵
        
        PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe
      4⤵
      PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
      4⤵
      PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
      4⤵
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
      4⤵
      PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
      4⤵
      PID:7708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27890.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        5⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe
        6⤵
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        6⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        6⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
        6⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
        5⤵
        
        PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27544.exe
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        5⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
        5⤵
        
        PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31611.exe
      4⤵
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
        5⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        5⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
        5⤵
        
        PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        5⤵
        
        PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
      4⤵
      PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
      4⤵
      PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
      4⤵
      PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
      4⤵
      PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
      4⤵
      PID:7960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
      4⤵
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53406.exe
        5⤵
        
        PID:6484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
      4⤵
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27807.exe
      4⤵
      PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
      4⤵
      PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61752.exe
      4⤵
      PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
      4⤵
      PID:8184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
    3⤵
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18608.exe
      4⤵
      PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21513.exe
      4⤵
      PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
      4⤵
      PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
      4⤵
      PID:7212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
    3⤵
    PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
    3⤵
    PID:3192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21819.exe
    3⤵
    PID:5052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
    3⤵
    PID:6336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35942.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47756.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64284.exe
      4⤵
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61238.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        5⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        5⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
        5⤵
        
        PID:7860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
      4⤵
      PID:552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20848.exe
      4⤵
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
      4⤵
      PID:7540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30267.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
      4⤵
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        5⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
        5⤵
        
        PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        5⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
        5⤵
        
        PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
      4⤵
      PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
      4⤵
      PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27487.exe
      4⤵
      PID:8176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
    3⤵
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
      4⤵
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
      4⤵
      PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
      4⤵
      PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
      4⤵
      PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
      4⤵
      PID:8160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8311.exe
    3⤵
    PID:3268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
    3⤵
    PID:4108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
    3⤵
    PID:4740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
    3⤵
    PID:6844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
    3⤵
    PID:6396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12183.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12183.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27227.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
        5⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        5⤵
        
        PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        5⤵
        
        PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14175.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
      4⤵
      PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
      4⤵
      PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
      4⤵
      PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
      4⤵
      PID:7504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
    3⤵
    PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31216.exe
      4⤵
      PID:6208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51880.exe
      4⤵
      PID:6576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
    3⤵
    PID:3776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
    3⤵
    PID:4716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
    3⤵
    PID:5424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
    3⤵
    PID:6956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
    3⤵
    PID:6228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
    3⤵
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
      4⤵
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
      4⤵
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
      4⤵
      PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
      4⤵
      PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
      4⤵
      PID:7192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
    3⤵
    PID:3608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
    3⤵
    PID:4548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
    3⤵
    PID:3340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
    3⤵
    PID:7036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36855.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36855.exe
  2⤵
  PID:2576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
    3⤵
    PID:3636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
    3⤵
    PID:4500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
    3⤵
    PID:5532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18033.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18033.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62117.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62117.exe
  2⤵
  PID:4168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20684.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20684.exe
  2⤵
  PID:5164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32881.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32881.exe
  2⤵
  PID:6256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33144.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33144.exe
  2⤵
  PID:7416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-32798.exe

Filesize
468KB

MD5
7a068fc042b9342aad843368c43f2947

SHA1
b0f89415e98f121ca7d8860ec62b2326f4e2a301

SHA256
4e955b038439143323141af730bf10580911da0e28f8668e7e423dda77593470

SHA512
5ccdc7193722734c311608dac83fe9b104ee1927af0c4477558fb0ef34c957a26f65736d0bc05d3bb2aae72fcdb5c7e6ba48e579f56be00ddf36c2284001f7e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32899.exe

Filesize
468KB

MD5
d54e165e53d2ebd75391678683d6f7cf

SHA1
ad1e62587c049b28884f8a7d487afb724bb9ae28

SHA256
46d794eafe99b67097d20d2b315abe5047633b88e3e574273a99176a5af43f2c

SHA512
52f89d23008f0f0ff25aae788447da46ed67cd1fdcfad63baebd690c9dbc164d99467ff4b6876d71d5f0048577c0bc5e8932b8bc2cb62ef6bdc4c9e9a63f8986

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe

Filesize
468KB

MD5
148775dc1226a118887a6ac6234f07c1

SHA1
047987c8929a956398b9cf3467a7f310d8f1aa21

SHA256
c99cb0e81b9165ff783cda220b32820f16a7530dfcc01eb757f17b582af860eb

SHA512
98f35e0ea70b48d29ccc2c5222dc77cb46fdc6055315e483c26a41851e15246c49dc3e1e02f408b7ca2760747dc34b3779557968ebed0aea06f2e89233a0e276

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe

Filesize
468KB

MD5
5fe9905115dfc966992452ee43cdcc17

SHA1
cf2a9cb463126d2cf3db8f90b4cd40f045b0e67e

SHA256
9f603d9ca369bc07e4d311097d784484cf8550e0da38eb0e914cfb8acbc0cc2c

SHA512
c976aaf83f995ebf0392a7cb4afe9b275de7aac50f1cfe94f6a04c02311b02e2d13101142eefcc75b0c7ec35c9110ce1639c5f98e036fadc125612c4925548d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe

Filesize
468KB

MD5
bcd26d4722f999db670060b2bbf08a17

SHA1
d55a6f8f5f2722c446c96568298a161df3cdc1ce

SHA256
3635fed245095fde05bec4b62ba406cde973441369c01068f68a254176c95fc4

SHA512
4f312501489ad04190d87da318e27eed17e51339235965f609274af32d2a2ce6e5eac3bf6d342cae93fd8242524c6a51400068e642e4707533e54010082ec9f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26018.exe

Filesize
468KB

MD5
233f86a0e0e7d534ef7c3252c08f7b2f

SHA1
625344a3d3d9c35ee9b26cae702af69d1d317f35

SHA256
f22a9bec90894e75752d243814833e65103ae6fac69cce34243284d9cfc5823b

SHA512
24c351bd3c996da50fd2b9702aabb3e72e00e5e35c772b2e650ce110b678bf48ca4704877b678668d82315373e6fe68ce94fbf2ec55d4b02b949b7f0dff55043

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3054.exe

Filesize
468KB

MD5
0566bffb3504d02a5af0856c18e9efb3

SHA1
315198e120611cbe9c59a9c9c7161bed6634ea54

SHA256
4ab4f8d9421b4adfd03310482659e80a7b40c69d4334870d155f1fa12153b557

SHA512
5c3d202930051ada95999e9e520c48795c8ac27c16d803cfc9aec2501e4f8f06882005811392f56e4f09c76e28add298d37ccc8d63dd8bc4f92f054a3a1d17b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36983.exe

Filesize
468KB

MD5
752bd0246a96d2bf76f807a3fa4ecb90

SHA1
6de060e7fd9d731feece40113385b6e28594f2c3

SHA256
5e94668c5985ebaa0d6bca27ab682bb93c884bf13405b1f471f9d59a53a9c524

SHA512
97d95c469ee0fcf982aa97d0eed6964e499223504f643504e5a71edb3a375e02bc7a51d45a24c15a3ad460c32654dff1bad820275cb833cc42941d5c94a9b093

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe

Filesize
468KB

MD5
5570594a4f9e54efe511aaf4142a4786

SHA1
93c330ca531e1ae7df89c6895b8ae802f5757bc9

SHA256
b887cd6a2d3cbc1a14daac1f802a68b5fad628501e80002b1f74220ff9136c53

SHA512
32c0be1d3f95fce56536a504441615caa2f45e8d0a8fab53fac43eb0f114bc796079ff6f2639b5aa469f5f12d1846f5f7829ce6d1baa4371dc26408257bb5a1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe

Filesize
468KB

MD5
e45664543cca877c1d7ed698926d8f8a

SHA1
e81a44dd4c7d99405cb930446e5a5c7a2259a760

SHA256
ca17e30971f90a689eecaad0249f3db16cd6b6e72099a943e0595312b5e44e75

SHA512
6bbd54c859e75c44e6815054305862c4bfffece0c33074e7499c071b7be3acb16bacad051a55266a1aee7056bc104da66a62560b8a251f64b308987866e9a509

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49982.exe

Filesize
468KB

MD5
408bd57a5e7979ce75a27e22a9260810

SHA1
9e9320ee13e8e2b80c38a4bcb1e74c62742da76b

SHA256
ef458dd9dfa3ea3d1f65e5838f02a407ac50d267262238885c564a164589c180

SHA512
e0412471a5fe8e59e8b45430d2e5a4c52fa51a3f736fe60161655f6fa2171faaf41450fbdba84c4bb3648ddcbd28916358e3dce011fbbc193465ca8066a5ab13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe

Filesize
468KB

MD5
d4e892ff950b36f18c4450a8ca76bb29

SHA1
99759ea3d24e37f7f427004362bd125ef6c8228f

SHA256
231948ae0020ad40260e33688423e5fe7ae444f02c777cfbb022909156e02bf8

SHA512
1c2cdbbd692ce5cda94786f92c75425b224858e51870fb537dddebc02c32a23f3824021145166e0d44d106cc8d46a21973174f22d5133b0d6253140784b645ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe

Filesize
468KB

MD5
29f29cff12da9d969ff4f8661870856e

SHA1
4c63d828e9aafd0cc4f7a327a390b3132277acef

SHA256
71d372d08decaf5f9472353be2733efacab5e8cf2c2f448c8decd238f6a34ebb

SHA512
4c4af765f5af1a8bb5590c82e5b61973c50eb752325f3997ae1180fc93d5ed4890a3d142a36fbf93a82d37e65caffe3e990a14342b1535f38cd14a815321aaf5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe

Filesize
468KB

MD5
6149c70e37fc4111d555fe170a288e77

SHA1
dfd956310532dfaa46100d70c363bddfcd33a698

SHA256
d0c4037462a4587f9514536f25bc319896b42ba2dc8f731a150ef19420ea87b2

SHA512
d441e9dbcb4da21bcad8df2abab1aab97dd01724f5bb57ce565b31729c9f9da4408a30582fbb608231f6f049eae9dc50935acf01c45f4b993e7f5200dcb73c9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57730.exe

Filesize
468KB

MD5
31e651592f2f5c820812e14a4dce194d

SHA1
e2e41b1b795974f5b5791d3a1e5e216671049186

SHA256
b07d54d427b809a374876b7c661edd9a70c02a9ce3b83ce92dd903c930ad59d0

SHA512
f1dcdc40fc0f5acd6b6827e750b1bc7b7c100c2a1d656fb48d3bcefa52e040fdffcf90e940921c88046c82958afd11dcfb5a01d83c7e24caedaac3ae9e37d7e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe

Filesize
468KB

MD5
f039e74059c9799b93e5b2999b468157

SHA1
77598d18ab922e777ac2dcf16db3adfb6514a72d

SHA256
99557f655dec10724a40a264fe5b238755dd4b4bd5fe470487d6bbb1ab29fcfa

SHA512
6d371ac72967adc4bee04d45ccb4513cff1a7de12607479681602baca6cbc8eeb7961728448901bd0902a19d07f76be5a8f40e48417d60d1d9b59169ca5ccfee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe

Filesize
468KB

MD5
8f8981e97bb6eb34f41dac1b718872af

SHA1
28eb4f714ff9f22737866b10eb628780673131e6

SHA256
19ab9ac38386a23850e04dc886bcb45a54fd31d843137d533cccf61ae0c4099f

SHA512
8f8409fc58d1697b32f3c36862a956f9a444ee9bd1c1ef3d1cfe5fcd6fbd6ef0ebbb8d081585419c6ebf6599f5a81d15a029e47f121ecb280129db48505e8e17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe

Filesize
468KB

MD5
f9f725ae9d5ef5d7e03c92e3132497e9

SHA1
0345abfc407f43d566dc1c08fc20569760842f27

SHA256
0f4c6e62cfce2889e5347e43b2701c18342d1f2e353e9cd4e189130c1a600975

SHA512
e1cb1ae2423187bd7eac82259959883838e1fd072b500330336fb44acbc2941335d8b668c9cebb2ddc3743c76d3a0627de1394bfe05abaf8298ae8e10cb16d1b

Download Submit
memory/376-297-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/540-263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/800-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/800-389-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/940-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1148-298-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1564-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1676-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1680-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1716-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1764-413-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/1764-408-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/1764-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1808-290-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1820-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1836-211-0x00000000027C0000-0x0000000002835000-memory.dmp

Filesize
468KB

Download
memory/1836-93-0x00000000027C0000-0x0000000002835000-memory.dmp

Filesize
468KB

Download
memory/1836-212-0x00000000027C0000-0x0000000002835000-memory.dmp

Filesize
468KB

Download
memory/1848-143-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1848-304-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/1932-294-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1932-175-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1932-18-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1932-300-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1932-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1932-163-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1960-302-0x00000000023B0000-0x0000000002425000-memory.dmp

Filesize
468KB

Download
memory/1960-177-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1960-301-0x00000000023B0000-0x0000000002425000-memory.dmp

Filesize
468KB

Download
memory/2092-214-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2148-200-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2148-356-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/2188-224-0x0000000001CB0000-0x0000000001D25000-memory.dmp

Filesize
468KB

Download
memory/2188-404-0x0000000001CB0000-0x0000000001D25000-memory.dmp

Filesize
468KB

Download
memory/2188-405-0x0000000001CB0000-0x0000000001D25000-memory.dmp

Filesize
468KB

Download
memory/2188-217-0x0000000001CB0000-0x0000000001D25000-memory.dmp

Filesize
468KB

Download
memory/2188-106-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2196-316-0x0000000001DE0000-0x0000000001E55000-memory.dmp

Filesize
468KB

Download
memory/2196-78-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2196-322-0x0000000001DE0000-0x0000000001E55000-memory.dmp

Filesize
468KB

Download
memory/2196-140-0x0000000001DE0000-0x0000000001E55000-memory.dmp

Filesize
468KB

Download
memory/2196-141-0x0000000001DE0000-0x0000000001E55000-memory.dmp

Filesize
468KB

Download
memory/2216-95-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2216-196-0x0000000001E00000-0x0000000001E75000-memory.dmp

Filesize
468KB

Download
memory/2216-365-0x0000000001E00000-0x0000000001E75000-memory.dmp

Filesize
468KB

Download
memory/2216-197-0x0000000001E00000-0x0000000001E75000-memory.dmp

Filesize
468KB

Download
memory/2216-367-0x0000000001E00000-0x0000000001E75000-memory.dmp

Filesize
468KB

Download
memory/2220-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2420-337-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2460-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2500-59-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2500-257-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2552-369-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2564-264-0x0000000002830000-0x00000000028A5000-memory.dmp

Filesize
468KB

Download
memory/2564-265-0x0000000002830000-0x00000000028A5000-memory.dmp

Filesize
468KB

Download
memory/2564-131-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2592-289-0x00000000029B0000-0x0000000002A25000-memory.dmp

Filesize
468KB

Download
memory/2592-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2592-299-0x00000000029B0000-0x0000000002A25000-memory.dmp

Filesize
468KB

Download
memory/2596-327-0x0000000002790000-0x0000000002805000-memory.dmp

Filesize
468KB

Download
memory/2596-320-0x0000000002790000-0x0000000002805000-memory.dmp

Filesize
468KB

Download
memory/2596-6-0x0000000002790000-0x0000000002805000-memory.dmp

Filesize
468KB

Download
memory/2596-12-0x0000000002790000-0x0000000002805000-memory.dmp

Filesize
468KB

Download
memory/2596-22-0x0000000002790000-0x0000000002805000-memory.dmp

Filesize
468KB

Download
memory/2596-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2596-164-0x0000000002790000-0x0000000002805000-memory.dmp

Filesize
468KB

Download
memory/2596-338-0x0000000002790000-0x0000000002805000-memory.dmp

Filesize
468KB

Download
memory/2596-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2596-76-0x0000000002790000-0x0000000002805000-memory.dmp

Filesize
468KB

Download
memory/2596-169-0x0000000002790000-0x0000000002805000-memory.dmp

Filesize
468KB

Download
memory/2600-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2624-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2652-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2672-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2752-390-0x0000000001F50000-0x0000000001FC5000-memory.dmp

Filesize
468KB

Download
memory/2752-240-0x0000000001F50000-0x0000000001FC5000-memory.dmp

Filesize
468KB

Download
memory/2752-236-0x0000000001F50000-0x0000000001FC5000-memory.dmp

Filesize
468KB

Download
memory/2752-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2752-43-0x0000000001F50000-0x0000000001FC5000-memory.dmp

Filesize
468KB

Download
memory/2752-412-0x0000000001F50000-0x0000000001FC5000-memory.dmp

Filesize
468KB

Download
memory/2812-128-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2812-129-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2812-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2812-275-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2812-274-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2828-232-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/2828-233-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/2828-118-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2904-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2904-334-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/3000-71-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3000-317-0x0000000002080000-0x00000000020F5000-memory.dmp

Filesize
468KB

Download
memory/3000-321-0x0000000002080000-0x00000000020F5000-memory.dmp

Filesize
468KB

Download
memory/3000-167-0x0000000002080000-0x00000000020F5000-memory.dmp

Filesize
468KB

Download
memory/3000-165-0x0000000002080000-0x00000000020F5000-memory.dmp

Filesize
468KB

Download