9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe
Size

468KB
MD5

4ea973c545d5d1b2244adccda3106510
SHA1

be6109984a6274c6d896692813900a00b30dab4a
SHA256

9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09
SHA512

9715b8b00c63bcfcf4f25ce455ae771fa000d50623fe8b9f9a61796607040e70d4c57b96a3a85680c6b30434089cff922af436716c08a6302ac758eb1fff5f30
SSDEEP

3072:6bOOogJER05Bt4YtPzDHqf8uRCnZRnp5nmHh9oh4e4EcvcpQUhED:6bXoR8Bt7PfHqfupIje49kpQU

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1100	Unicorn-9161.exe
1724	Unicorn-56032.exe
1264	Unicorn-38949.exe
2832	Unicorn-18695.exe
3016	Unicorn-22779.exe
2772	Unicorn-57489.exe
2848	Unicorn-43753.exe
1940	Unicorn-60770.exe
692	Unicorn-44989.exe
588	Unicorn-31725.exe
1648	Unicorn-52410.exe
1956	Unicorn-31990.exe
1996	Unicorn-55948.exe
320	Unicorn-42212.exe
1640	Unicorn-53801.exe
2976	Unicorn-46188.exe
2320	Unicorn-33189.exe
1848	Unicorn-27058.exe
900	Unicorn-47532.exe
2580	Unicorn-46977.exe
1780	Unicorn-54191.exe
1664	Unicorn-42701.exe
2944	Unicorn-15958.exe
1308	Unicorn-26173.exe
1696	Unicorn-34341.exe
2116	Unicorn-5752.exe
940	Unicorn-51424.exe
780	Unicorn-38160.exe
2496	Unicorn-30811.exe
2300	Unicorn-22364.exe
1032	Unicorn-63759.exe
1628	Unicorn-18555.exe
2420	Unicorn-51227.exe
1608	Unicorn-31361.exe
2548	Unicorn-45974.exe
2800	Unicorn-52104.exe
2720	Unicorn-6722.exe
2888	Unicorn-30423.exe
2868	Unicorn-63842.exe
2648	Unicorn-63095.exe
2640	Unicorn-2197.exe
2724	Unicorn-30231.exe
2476	Unicorn-9810.exe
280	Unicorn-17979.exe
652	Unicorn-11848.exe
1984	Unicorn-44521.exe
1468	Unicorn-47141.exe
1992	Unicorn-27226.exe
1824	Unicorn-19323.exe
1960	Unicorn-35467.exe
1656	Unicorn-35467.exe
2432	Unicorn-15601.exe
2632	Unicorn-35467.exe
2988	Unicorn-56634.exe
2528	Unicorn-40105.exe
2532	Unicorn-42873.exe
2212	Unicorn-29144.exe
3028	Unicorn-1977.exe
2324	Unicorn-35396.exe
1272	Unicorn-32102.exe
2200	Unicorn-1275.exe
1548	Unicorn-48438.exe
2340	Unicorn-44717.exe
3056	Unicorn-56414.exe

Loads dropped DLL 64 IoCs

pid	Process
2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe
2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe
1100	Unicorn-9161.exe
2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe
2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe
1100	Unicorn-9161.exe
1264	Unicorn-38949.exe
1264	Unicorn-38949.exe
1724	Unicorn-56032.exe
1724	Unicorn-56032.exe
2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe
1100	Unicorn-9161.exe
2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe
1100	Unicorn-9161.exe
2832	Unicorn-18695.exe
2832	Unicorn-18695.exe
1264	Unicorn-38949.exe
1264	Unicorn-38949.exe
2772	Unicorn-57489.exe
2772	Unicorn-57489.exe
2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe
2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe
3016	Unicorn-22779.exe
3016	Unicorn-22779.exe
1100	Unicorn-9161.exe
1724	Unicorn-56032.exe
1724	Unicorn-56032.exe
1100	Unicorn-9161.exe
1940	Unicorn-60770.exe
1940	Unicorn-60770.exe
2832	Unicorn-18695.exe
2832	Unicorn-18695.exe
692	Unicorn-44989.exe
1264	Unicorn-38949.exe
692	Unicorn-44989.exe
1264	Unicorn-38949.exe
2848	Unicorn-43753.exe
2848	Unicorn-43753.exe
588	Unicorn-31725.exe
588	Unicorn-31725.exe
2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe
2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe
320	Unicorn-42212.exe
320	Unicorn-42212.exe
1724	Unicorn-56032.exe
1724	Unicorn-56032.exe
1648	Unicorn-52410.exe
1648	Unicorn-52410.exe
1996	Unicorn-55948.exe
1996	Unicorn-55948.exe
2772	Unicorn-57489.exe
1956	Unicorn-31990.exe
2772	Unicorn-57489.exe
1956	Unicorn-31990.exe
1100	Unicorn-9161.exe
1100	Unicorn-9161.exe
3016	Unicorn-22779.exe
3016	Unicorn-22779.exe
1640	Unicorn-53801.exe
1640	Unicorn-53801.exe
1940	Unicorn-60770.exe
1940	Unicorn-60770.exe
2320	Unicorn-33189.exe
2320	Unicorn-33189.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17857.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe
1100	Unicorn-9161.exe
1264	Unicorn-38949.exe
1724	Unicorn-56032.exe
2832	Unicorn-18695.exe
2848	Unicorn-43753.exe
2772	Unicorn-57489.exe
3016	Unicorn-22779.exe
1940	Unicorn-60770.exe
692	Unicorn-44989.exe
588	Unicorn-31725.exe
320	Unicorn-42212.exe
1648	Unicorn-52410.exe
1956	Unicorn-31990.exe
1996	Unicorn-55948.exe
1640	Unicorn-53801.exe
2976	Unicorn-46188.exe
2320	Unicorn-33189.exe
1848	Unicorn-27058.exe
900	Unicorn-47532.exe
2580	Unicorn-46977.exe
1780	Unicorn-54191.exe
1664	Unicorn-42701.exe
2944	Unicorn-15958.exe
1308	Unicorn-26173.exe
940	Unicorn-51424.exe
2116	Unicorn-5752.exe
1696	Unicorn-34341.exe
2496	Unicorn-30811.exe
780	Unicorn-38160.exe
2300	Unicorn-22364.exe
1032	Unicorn-63759.exe
1628	Unicorn-18555.exe
1608	Unicorn-31361.exe
2548	Unicorn-45974.exe
2420	Unicorn-51227.exe
2800	Unicorn-52104.exe
2720	Unicorn-6722.exe
2888	Unicorn-30423.exe
2868	Unicorn-63842.exe
2648	Unicorn-63095.exe
2640	Unicorn-2197.exe
2724	Unicorn-30231.exe
2476	Unicorn-9810.exe
280	Unicorn-17979.exe
652	Unicorn-11848.exe
1984	Unicorn-44521.exe
1468	Unicorn-47141.exe
1992	Unicorn-27226.exe
1824	Unicorn-19323.exe
1656	Unicorn-35467.exe
1960	Unicorn-35467.exe
2988	Unicorn-56634.exe
2632	Unicorn-35467.exe
2432	Unicorn-15601.exe
2528	Unicorn-40105.exe
2532	Unicorn-42873.exe
2212	Unicorn-29144.exe
3028	Unicorn-1977.exe
2324	Unicorn-35396.exe
1272	Unicorn-32102.exe
2200	Unicorn-1275.exe
1548	Unicorn-48438.exe
2340	Unicorn-44717.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 1100	2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe	30
PID 2360 wrote to memory of 1100	2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe	30
PID 2360 wrote to memory of 1100	2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe	30
PID 2360 wrote to memory of 1100	2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe	30
PID 2360 wrote to memory of 1724	2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe	32
PID 2360 wrote to memory of 1724	2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe	32
PID 2360 wrote to memory of 1724	2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe	32
PID 2360 wrote to memory of 1724	2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe	32
PID 1100 wrote to memory of 1264	1100	Unicorn-9161.exe	31
PID 1100 wrote to memory of 1264	1100	Unicorn-9161.exe	31
PID 1100 wrote to memory of 1264	1100	Unicorn-9161.exe	31
PID 1100 wrote to memory of 1264	1100	Unicorn-9161.exe	31
PID 1264 wrote to memory of 2832	1264	Unicorn-38949.exe	33
PID 1264 wrote to memory of 2832	1264	Unicorn-38949.exe	33
PID 1264 wrote to memory of 2832	1264	Unicorn-38949.exe	33
PID 1264 wrote to memory of 2832	1264	Unicorn-38949.exe	33
PID 1724 wrote to memory of 3016	1724	Unicorn-56032.exe	34
PID 1724 wrote to memory of 3016	1724	Unicorn-56032.exe	34
PID 1724 wrote to memory of 3016	1724	Unicorn-56032.exe	34
PID 1724 wrote to memory of 3016	1724	Unicorn-56032.exe	34
PID 2360 wrote to memory of 2772	2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe	35
PID 2360 wrote to memory of 2772	2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe	35
PID 2360 wrote to memory of 2772	2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe	35
PID 2360 wrote to memory of 2772	2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe	35
PID 1100 wrote to memory of 2848	1100	Unicorn-9161.exe	36
PID 1100 wrote to memory of 2848	1100	Unicorn-9161.exe	36
PID 1100 wrote to memory of 2848	1100	Unicorn-9161.exe	36
PID 1100 wrote to memory of 2848	1100	Unicorn-9161.exe	36
PID 2832 wrote to memory of 1940	2832	Unicorn-18695.exe	38
PID 2832 wrote to memory of 1940	2832	Unicorn-18695.exe	38
PID 2832 wrote to memory of 1940	2832	Unicorn-18695.exe	38
PID 2832 wrote to memory of 1940	2832	Unicorn-18695.exe	38
PID 1264 wrote to memory of 692	1264	Unicorn-38949.exe	39
PID 1264 wrote to memory of 692	1264	Unicorn-38949.exe	39
PID 1264 wrote to memory of 692	1264	Unicorn-38949.exe	39
PID 1264 wrote to memory of 692	1264	Unicorn-38949.exe	39
PID 2772 wrote to memory of 1648	2772	Unicorn-57489.exe	40
PID 2772 wrote to memory of 1648	2772	Unicorn-57489.exe	40
PID 2772 wrote to memory of 1648	2772	Unicorn-57489.exe	40
PID 2772 wrote to memory of 1648	2772	Unicorn-57489.exe	40
PID 2360 wrote to memory of 588	2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe	41
PID 2360 wrote to memory of 588	2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe	41
PID 2360 wrote to memory of 588	2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe	41
PID 2360 wrote to memory of 588	2360	9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe	41
PID 3016 wrote to memory of 1956	3016	Unicorn-22779.exe	42
PID 3016 wrote to memory of 1956	3016	Unicorn-22779.exe	42
PID 3016 wrote to memory of 1956	3016	Unicorn-22779.exe	42
PID 3016 wrote to memory of 1956	3016	Unicorn-22779.exe	42
PID 1724 wrote to memory of 320	1724	Unicorn-56032.exe	44
PID 1724 wrote to memory of 320	1724	Unicorn-56032.exe	44
PID 1724 wrote to memory of 320	1724	Unicorn-56032.exe	44
PID 1724 wrote to memory of 320	1724	Unicorn-56032.exe	44
PID 1100 wrote to memory of 1996	1100	Unicorn-9161.exe	43
PID 1100 wrote to memory of 1996	1100	Unicorn-9161.exe	43
PID 1100 wrote to memory of 1996	1100	Unicorn-9161.exe	43
PID 1100 wrote to memory of 1996	1100	Unicorn-9161.exe	43
PID 1940 wrote to memory of 1640	1940	Unicorn-60770.exe	45
PID 1940 wrote to memory of 1640	1940	Unicorn-60770.exe	45
PID 1940 wrote to memory of 1640	1940	Unicorn-60770.exe	45
PID 1940 wrote to memory of 1640	1940	Unicorn-60770.exe	45
PID 2832 wrote to memory of 2976	2832	Unicorn-18695.exe	46
PID 2832 wrote to memory of 2976	2832	Unicorn-18695.exe	46
PID 2832 wrote to memory of 2976	2832	Unicorn-18695.exe	46
PID 2832 wrote to memory of 2976	2832	Unicorn-18695.exe	46

C:\Users\Admin\AppData\Local\Temp\9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe
"C:\Users\Admin\AppData\Local\Temp\9fff1a4afe4950b4c311f2d44e87f5c7a23a7a458d383ad96938744d59cc0e09N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6196.exe
        9⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65314.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48949.exe
        9⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        9⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6413.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53963.exe
        8⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        8⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45298.exe
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46612.exe
        7⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25241.exe
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        8⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        8⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        7⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29895.exe
        7⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        7⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        8⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        7⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38063.exe
        7⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        7⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41816.exe
        6⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60218.exe
        7⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        7⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28611.exe
        7⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        7⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37115.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40300.exe
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51998.exe
        6⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
        6⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7576.exe
        6⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        7⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        7⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
        6⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        6⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        6⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
        6⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-664.exe
        6⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        7⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
        7⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        6⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        6⤵
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        6⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41816.exe
        5⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60550.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58215.exe
        6⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        6⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        6⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
        5⤵
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        5⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36290.exe
        5⤵
        
        PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
        8⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        8⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        8⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12288.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45298.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
        7⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        7⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        7⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        6⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
        6⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31361.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        6⤵
        Executes dropped EXE
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe
        7⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-545.exe
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52841.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        7⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        6⤵
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        6⤵
        
        PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
        5⤵
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        6⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52841.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        6⤵
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37831.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
        5⤵
        
        PID:6644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
        6⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        7⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        7⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
        7⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        6⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7576.exe
        5⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
        6⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        6⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        6⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
        5⤵
        
        PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
        5⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        5⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
        5⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
        5⤵
        
        PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6722.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
        5⤵
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        6⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        6⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54268.exe
        6⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        6⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        5⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        5⤵
        
        PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61464.exe
      4⤵
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
        5⤵
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        5⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38369.exe
        5⤵
        
        PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        5⤵
        
        PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
      4⤵
      PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48149.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
      4⤵
      PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35155.exe
      4⤵
      PID:6452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47532.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27442.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15709.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        8⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        7⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
        7⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        7⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29546.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        6⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe
        7⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        7⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55942.exe
        6⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30272.exe
        6⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
        6⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
        5⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        6⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47966.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        5⤵
        
        PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        5⤵
        
        PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
        5⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3456.exe
        7⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44510.exe
        7⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
        7⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        7⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29895.exe
        6⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        6⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24980.exe
        5⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56836.exe
        5⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
        5⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
        5⤵
        
        PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
      4⤵
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56466.exe
        5⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        5⤵
        
        PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34825.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1370.exe
      4⤵
      PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57779.exe
      4⤵
      PID:6308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55948.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34341.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63095.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        6⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        7⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        7⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        7⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24404.exe
        6⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
        6⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        6⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
        6⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3959.exe
        5⤵
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe
        6⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        6⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9242.exe
        6⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55942.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30272.exe
        5⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
        5⤵
        
        PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        5⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65058.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe
        6⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
        5⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38063.exe
        5⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        5⤵
        
        PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
      4⤵
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64826.exe
        5⤵
        
        PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58215.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        5⤵
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60285.exe
      4⤵
      PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
      4⤵
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
      4⤵
      PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
      4⤵
      PID:6524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38160.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12065.exe
        5⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49948.exe
        6⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53706.exe
        7⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
        7⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
        7⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        6⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
        6⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
        6⤵
        
        PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        5⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58345.exe
        6⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        6⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe
        5⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        5⤵
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38063.exe
        5⤵
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        5⤵
        
        PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49377.exe
      4⤵
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        5⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        5⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
        5⤵
        
        PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
      4⤵
      PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
      4⤵
      PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62101.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
      4⤵
      PID:6428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
      4⤵
      PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
      4⤵
      PID:6844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42868.exe
    3⤵
    PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61351.exe
    3⤵
    PID:3612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37454.exe
    3⤵
    PID:4508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
    3⤵
    PID:5940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5752.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        8⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
        8⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        7⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62329.exe
        7⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48152.exe
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5151.exe
        7⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22215.exe
        6⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        7⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
        6⤵
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15601.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
        6⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38369.exe
        6⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        6⤵
        
        PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        5⤵
        
        PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34318.exe
        5⤵
        
        PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57779.exe
        5⤵
        
        PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30811.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57737.exe
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22035.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        6⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54268.exe
        6⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        6⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55942.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        5⤵
        
        PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49948.exe
        5⤵
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        6⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59636.exe
        5⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34477.exe
        5⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59003.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        5⤵
        
        PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37115.exe
      4⤵
      PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21652.exe
      4⤵
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55163.exe
      4⤵
      PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52444.exe
      4⤵
      PID:5544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42212.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42701.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        7⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        7⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50602.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
        6⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        6⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5604.exe
        5⤵
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        6⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        7⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        6⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        6⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        6⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        6⤵
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28680.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
        5⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
        5⤵
        
        PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        5⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        6⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        6⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
        5⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59636.exe
        5⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38369.exe
        5⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        5⤵
        
        PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
      4⤵
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
        5⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52841.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        5⤵
        
        PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37831.exe
      4⤵
      PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51361.exe
      4⤵
      PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
      4⤵
      PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
      4⤵
      PID:6300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9810.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33446.exe
        5⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        6⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        6⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        5⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        5⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        5⤵
        
        PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
      4⤵
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        5⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        5⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        5⤵
        
        PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
      4⤵
      PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe
      4⤵
      PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
      4⤵
      PID:6604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
      4⤵
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60825.exe
        5⤵
        
        PID:996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        5⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        5⤵
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
        5⤵
        
        PID:6956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41909.exe
      4⤵
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5229.exe
      4⤵
      PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
      4⤵
      PID:6852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48143.exe
    3⤵
    PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
      4⤵
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
      4⤵
      PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
      4⤵
      PID:6268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45276.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe
    3⤵
    PID:4128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55163.exe
    3⤵
    PID:5752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
    3⤵
    PID:6740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26173.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3098.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe
        6⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        6⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        5⤵
        
        PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43300.exe
        5⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
        5⤵
        
        PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe
        5⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
        6⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        6⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
        5⤵
        
        PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        5⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5475.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        5⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-792.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17694.exe
      4⤵
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
        5⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37024.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
        5⤵
        
        PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45781.exe
      4⤵
      PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56836.exe
      4⤵
      PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
      4⤵
      PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
      4⤵
      PID:6348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51424.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30231.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14006.exe
        5⤵
        
        PID:572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        5⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        5⤵
        
        PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
      4⤵
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
      4⤵
      PID:6420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11848.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
      4⤵
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30866.exe
        5⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe
        5⤵
        
        PID:7116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
      4⤵
      PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
      4⤵
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
      4⤵
      PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41816.exe
    3⤵
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
      4⤵
      PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
      4⤵
      PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
      4⤵
      PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
      4⤵
      PID:4780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
    3⤵
    PID:3312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
    3⤵
    PID:4056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50571.exe
    3⤵
    PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36290.exe
    3⤵
    PID:5864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31725.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31725.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16870.exe
        5⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        6⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        6⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13710.exe
        6⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
        5⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2657.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        5⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        5⤵
        
        PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
      4⤵
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        5⤵
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55039.exe
        6⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        6⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        6⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
        5⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3743.exe
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
        5⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
        5⤵
        
        PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23397.exe
      4⤵
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
        5⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52827.exe
        5⤵
        
        PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
      4⤵
      PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41919.exe
      4⤵
      PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
      4⤵
      PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
      4⤵
      PID:6168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
      4⤵
      PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2797.exe
        5⤵
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        5⤵
        
        PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        5⤵
        
        PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
      4⤵
      PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45298.exe
      4⤵
      PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
      4⤵
      PID:6556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35257.exe
    3⤵
    PID:3824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56836.exe
    3⤵
    PID:4160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
    3⤵
    PID:5548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
    3⤵
    PID:6492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
      4⤵
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52841.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        5⤵
        
        PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
      4⤵
      PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
      4⤵
      PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
      4⤵
      PID:6684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
    3⤵
    PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
      4⤵
      PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
      4⤵
      PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
      4⤵
      PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
      4⤵
      PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
      4⤵
      PID:6820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
    3⤵
    PID:2428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
    3⤵
    PID:4000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
    3⤵
    PID:4840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
    3⤵
    PID:6508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
    3⤵
    PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
      4⤵
      PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
      4⤵
      PID:5420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
    3⤵
    PID:3204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
    3⤵
    PID:4456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38063.exe
    3⤵
    PID:5520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
    3⤵
    PID:6580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20852.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20852.exe
  2⤵
  PID:1036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
    3⤵
    PID:3400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
    3⤵
    PID:3848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
    3⤵
    PID:4684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
    3⤵
    PID:6024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe
  2⤵
  PID:3304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
  2⤵
  PID:3976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
  2⤵
  PID:4624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
  2⤵
  PID:6332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11848.exe

Filesize
468KB

MD5
e25b79730900bfa15f2512085f9a74a0

SHA1
b2f21d731f65b98783942fcd0a53e30d1a5af46c

SHA256
4af430447cbcaadac3a64a8c3468ce9bb05bd3e6877396043a8142cac4c53a0e

SHA512
c1b19e91820a31a6115068f13e1141796005c670b5a0c73b5054938b812d21b2e4985a476fd6af644ae00e5546f3a417cd6ca3eedde652957fcaffb369318039

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe

Filesize
468KB

MD5
eb6f95e2a9f868fead0c88dc71823d52

SHA1
73aad6a631eb73d14c9b4b94b3ee25f17046143f

SHA256
6bed6fd8f69f01688da95538e30c1ced213fdb25861672e511c97184bbd16f6a

SHA512
dc2e8530e85d1ffe107a271f5e443b8782f81e922fddc1b79c541067d4cef1e894afa49809e04cb1de6ad80e3c422ecd1175869cbbb130b175cc887c552368a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe

Filesize
468KB

MD5
a8cafb98e72edc233092fd4580963249

SHA1
b6c45de6c8a800485d6f518fc4d12ca5c40f9dcd

SHA256
b026cbf1ffd5902bd75d590b9e34ffa2c75188acb04c9c5d183a830c202c8a5b

SHA512
3a575726f6014706bdbde3cb04c8bca4b67a2f5e6b2638bd33dae5a75138439723a92caf7c131f5540514476131e48956342132564fa3863346fe353cb01571b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31725.exe

Filesize
468KB

MD5
eafab0af534efa0adaa5729b0da5be09

SHA1
9ce5783d7b90fb6c69fe1820b5e71d34b87f71a9

SHA256
3d2bb6a6853c391c9b443f491ca4929070f695a82a35f044d734eecd01e22a6b

SHA512
0f159fecd30ab457da512b3144894e58ab4085bdf1f00d3e06157ebf66846f94feae4c4dc98e7f10000a970f9fd1d75c95bbd3bb7e70f8db309c47b03b34f601

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe

Filesize
468KB

MD5
276ef63267eb33e3635b976297f52f39

SHA1
a44816cfa67584748c81fe4368473ab7e3303bae

SHA256
165c18e473aa0d43b00d5c800dc962a82d909ad0986a15385f6391fd6596dd17

SHA512
5ba89a2f138d11aa2a0c926b1541c0ba3e37c63069298252be284a3b8451829740f7bc45febaa75bde7319271ffc6d5fb46c2fbdcd1cbe74820f17c12a284603

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55948.exe

Filesize
468KB

MD5
d135778836ee572cd4fc844190041604

SHA1
862dd10f03f5540106bd2313b6edc813f21334f4

SHA256
bfb711787c04f179a8336cf4de62b53a6135296771a2af9e75668de7a8f392f2

SHA512
e9514be3d5b80d45ffe5b3e4e667642f6807a8a33b7ca93890917e7e3311242a81b170d27adcee4418f4a77554aebe088231417ac521165b01363c5eafe321b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5752.exe

Filesize
468KB

MD5
bd7afec509775cdf47abd8931243a312

SHA1
f7e9c52cbe88687bb349755f0a59db41567b060a

SHA256
0f5865da856b08a03d8c7d56d7861940d39fea515a9502f6ad269d7e05a8a0b5

SHA512
af7b7abdc6d445d01548396b2dd247dfbec14325ed8cb97503902e33ba481387b4b16b861edee45733241ee34183740184642ec5c0d5cced701eed1f58d9ef18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe

Filesize
468KB

MD5
29e27b7d1487f9e48ffacd3a2b93efc7

SHA1
91eb936ee338f74eb297052254ddd6416f3fb7cc

SHA256
2be130d87f58abafe1db7513f71ca4fc1b45e6c8f28733fb9752fa0c2e519f95

SHA512
7a518267f1ccba56cf1f568cd9898839e90aaeeeedf9463ffe76f596c625b3b6bd21c0c8fdd33a556d5d8d26fe5054cd2f1f10fcdee37c9fbf5b33b37c464cfb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe

Filesize
468KB

MD5
96a7a39fc1564222f0933db915a4ff03

SHA1
b882d661bc2060c2ed00b3710429c6d9b647d83d

SHA256
6ec04499de2172ce296dbdf769abcab22678aa441937233f47e71e086a33ca6f

SHA512
fc5755da53920f28196f65032389c8e107f003b269c2f7fade7b9d7f4a5eecf0ff8576e639a259f6198fb571f8d2f81bfd750b1fd2fc12bda202065fd874de1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe

Filesize
468KB

MD5
26c5cf85e6241e00b5e791c2ce93f1c4

SHA1
9c0230fedbe1e0a3f2320c9aa9b8965cdc4bb982

SHA256
1952192aa076106c498754df8badf1fd32f252412f913cbcd7c71a5575d3e7a8

SHA512
090013d695d98fd647c601599220bc6a0d90fc1505616742614fd5daa458e1fdf278c9778239bec22f51d27db7650ae59dc07427ec04b1ef459aeaad8b2ca866

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe

Filesize
468KB

MD5
234b63628898325b87ae9ad026f43fbd

SHA1
22e53c181cb31138c6508dd4376488e846722591

SHA256
cea1a9b2cca9431e114ade7a2aeb3e06091b56453ad242e74005c8e8a1307014

SHA512
8e50caf0939c3aec924d56bd64c3f04a3e8df6a0c230c8b9d59e33e0a22126a4b17d5dac26df02c40832d033702abaf0be12ac29d7dfc9311764cf5839a43582

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe

Filesize
468KB

MD5
91dd176db071c7d25969740aaa76959e

SHA1
d426703f53874a037c471f53ec96519f05049cb3

SHA256
c6630323ec86e20d5076818109cf7cb1a6e62ce9660bd0f14d7f27367e087453

SHA512
66c7bffe068829914adc253086a4e85ff4944b32bc5dca02dc9c8ab2207b6fc60ef1c5c1481f6f6dab950618994e04b15165b2be3ca84dd41b30e8b80258d1e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42212.exe

Filesize
468KB

MD5
1cf8eb8270706e422d8a62dae44e0409

SHA1
18668d5ee0116612df2deba1e9011cac17f84688

SHA256
bc5591739ea57f873e49ff911b34c9e9aa9727c7b6d08109e128bfc86336ae31

SHA512
5e0bc5d47f5f7276fa52eb0f0898407378903163d4446e3b48f2eba670140c43f2cf3b9a179c191ad90f128211b73c40eddc43f99f47ef7d5781e1a1edcda067

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe

Filesize
468KB

MD5
0ecc3db87410ae4fa1636170bc175241

SHA1
956f1aee239c27772783ff3f03291181b0d5ed3f

SHA256
3bdea88228490739d251185d9edc60bf65e5af7b1250894dd253f49744e8163b

SHA512
822680938757cc9d07389eb663f913b61f370fee662b8fa06bb4d03fe494a6455e1b71af05fcb1b3ad57f6b3772f31432dec624849a787795b746305be6f5fb1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe

Filesize
468KB

MD5
0424cdaec021e1af9b171ea2baaace98

SHA1
742a5519f99bf0c24986ed5997ef0bde029df356

SHA256
7707de2aed2cda53872370eccbec23a370ef52bb980ebb99d6b94ba1c1d81c97

SHA512
0d47f9489991642d89c68c7db52cdff9d0b8406af4d86abff266f40c0d8111b160462f080189663c42861deff7178cb9a150d9b37e48f791a1c9fccdaaf2947b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe

Filesize
468KB

MD5
f1a031c0711ffe655245656ff52d8ad6

SHA1
998f4801cb769449895e9b75d493c64a43aa6628

SHA256
8e607460646d4ac5075e6eedbb1298cebdcef1d54cfb5a2732fdf3bebb92a2f0

SHA512
847cec6ac39867ddb42ae0b8697aa55a8e98719f5f131482659eada466565dde3e77616dc4c11a6f745ce70945dfbf9a246b206a875897232def4e040fca53a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe

Filesize
468KB

MD5
4faf3378a730682b8291923d456d25b1

SHA1
22261daa8c77d5ad048724ecb0449ac1373f13a8

SHA256
752bc3ca2dabaadaf7ee4d17439fb057d4a43b774479ff5ddaafde514dfc1f67

SHA512
b8136562426485b80aa1d55e99a23600b070e47cede5e65c95af3a8ab676dde03f459b7e30c67adba036b78fc932bfdef7c5777c389e14ff9d34a465acc91912

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe

Filesize
468KB

MD5
400091cdb0776f46276d371198df8c76

SHA1
3b4984831b033708b0b9a9dc2b0f889080af6829

SHA256
cf5a386fbc380c84f583a848e07ad87c07d23148a7276f89a2009f6daffed965

SHA512
b0f807287ac009f5d5119209a52960af7a5ad4926e2bf40eba06b9c5176d9b6ea61545c7bf48ec394f6ffb1649a5ed3f431fe66d0e1563aa2252b2756adc413b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe

Filesize
468KB

MD5
c16fd846d7db8b57dfb8da36917750a8

SHA1
8b3aebd90460a54806dadf4cc2d26386cdaf5947

SHA256
55c52ddcd52ca4973f84ca5f255108bfb3d34b5a5d5adb74b455d181d43f1489

SHA512
2153704731d1cb109c9880a19154e86b3c0a6d09ffe1d0ca3e99609c14428e27e5d6627b4f164ffe90f3f554c0784e7d9a7e32cc66419d5105d798da4b7af099

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe

Filesize
468KB

MD5
ae6a2a8dcece8da8e264cbced1569f87

SHA1
75b02646232c2d52687245121eff86983770285a

SHA256
6be952072efc67c59e2848a2a2f26e8926f3cadfcb918985d00ba07058545169

SHA512
71695bfc13292eb6886b67bf3849bc104fd2c3b66e52f03951b2a8d614ab4bfda9a1582e517ee6c6bb546e15976deea2568e63036e683e6b3f8c7b00296c9e82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe

Filesize
468KB

MD5
f91e67ab0850c227ee945477d23f3a2f

SHA1
726f056a0f1b4cc2f7689dd092d531b877d9e849

SHA256
f88a99e43edd4d20eb8d31aaf278e0bd4dddafe1926b873aa12b5cf934d5fd9c

SHA512
f10cd05a7827584fb55a3922aad8b5c953ebd5b2a6391b1eca9140598b498b579098669d987c198f48b8f561c38262e70aecb29469eea75aee213c494bac8e88

Download Submit