cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ec

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe
Size

468KB
MD5

512b10d0c980fb2c38b50700a3d47270
SHA1

5f701b75f8e83a0c5e95f418f3ff8f3613c1e811
SHA256

cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ec
SHA512

5a24cc9fe33d801badfee7a4fb57896915cf7aee9034a1e7a3626f08edd886297d2eb2aa0d10a6d13dd632059a608e7e1c8cdc52dfa37faca2589c23fc95780c
SSDEEP

3072:ITJDog/d1O8uxbYeWbi/ff8/Prhjq7pnndHetVpxczFmwjA/GAlv:ITpoC/uxJWW/ffZFYHczAiA/G

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2156	Unicorn-12552.exe
2772	Unicorn-38567.exe
2864	Unicorn-33968.exe
2788	Unicorn-16261.exe
2660	Unicorn-27030.exe
2844	Unicorn-5287.exe
2616	Unicorn-38728.exe
1732	Unicorn-13040.exe
2992	Unicorn-56683.exe
1700	Unicorn-7482.exe
2580	Unicorn-27348.exe
2956	Unicorn-51852.exe
2892	Unicorn-9314.exe
264	Unicorn-3449.exe
2332	Unicorn-22360.exe
1928	Unicorn-1193.exe
2432	Unicorn-48484.exe
1568	Unicorn-30872.exe
2572	Unicorn-47208.exe
1860	Unicorn-22325.exe
3060	Unicorn-27150.exe
928	Unicorn-31256.exe
832	Unicorn-25125.exe
572	Unicorn-10024.exe
1308	Unicorn-15889.exe
2476	Unicorn-8863.exe
2320	Unicorn-16155.exe
1552	Unicorn-61826.exe
2744	Unicorn-57462.exe
2768	Unicorn-48334.exe
2732	Unicorn-9147.exe
2652	Unicorn-3859.exe
2080	Unicorn-55661.exe
1804	Unicorn-9989.exe
2088	Unicorn-5884.exe
2092	Unicorn-23454.exe
1312	Unicorn-44237.exe
2940	Unicorn-4678.exe
1756	Unicorn-14226.exe
2164	Unicorn-39053.exe
2160	Unicorn-28529.exe
2208	Unicorn-28794.exe
2192	Unicorn-22663.exe
2324	Unicorn-28794.exe
892	Unicorn-28602.exe
2072	Unicorn-22471.exe
1372	Unicorn-53874.exe
1824	Unicorn-23314.exe
1020	Unicorn-62291.exe
1976	Unicorn-25897.exe
2456	Unicorn-53361.exe
1688	Unicorn-62291.exe
1708	Unicorn-56161.exe
2480	Unicorn-62026.exe
2004	Unicorn-56737.exe
2380	Unicorn-62867.exe
2836	Unicorn-8985.exe
2792	Unicorn-4154.exe
2852	Unicorn-33297.exe
2628	Unicorn-45379.exe
2752	Unicorn-25513.exe
1144	Unicorn-45379.exe
2804	Unicorn-31264.exe
1664	Unicorn-47984.exe

Loads dropped DLL 64 IoCs

pid	Process
2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe
2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe
2156	Unicorn-12552.exe
2156	Unicorn-12552.exe
2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe
2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe
2156	Unicorn-12552.exe
2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe
2864	Unicorn-33968.exe
2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe
2864	Unicorn-33968.exe
2156	Unicorn-12552.exe
2772	Unicorn-38567.exe
2772	Unicorn-38567.exe
2616	Unicorn-38728.exe
2616	Unicorn-38728.exe
2772	Unicorn-38567.exe
2772	Unicorn-38567.exe
2864	Unicorn-33968.exe
2864	Unicorn-33968.exe
2660	Unicorn-27030.exe
2788	Unicorn-16261.exe
2660	Unicorn-27030.exe
2788	Unicorn-16261.exe
2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe
2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe
2156	Unicorn-12552.exe
2156	Unicorn-12552.exe
2844	Unicorn-5287.exe
2844	Unicorn-5287.exe
1732	Unicorn-13040.exe
1732	Unicorn-13040.exe
2616	Unicorn-38728.exe
2616	Unicorn-38728.exe
2580	Unicorn-27348.exe
2580	Unicorn-27348.exe
2892	Unicorn-9314.exe
2892	Unicorn-9314.exe
2660	Unicorn-27030.exe
2660	Unicorn-27030.exe
2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe
2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe
2956	Unicorn-51852.exe
2772	Unicorn-38567.exe
2956	Unicorn-51852.exe
2772	Unicorn-38567.exe
2864	Unicorn-33968.exe
2864	Unicorn-33968.exe
2156	Unicorn-12552.exe
2992	Unicorn-56683.exe
264	Unicorn-3449.exe
2788	Unicorn-16261.exe
2992	Unicorn-56683.exe
2156	Unicorn-12552.exe
2788	Unicorn-16261.exe
264	Unicorn-3449.exe
2332	Unicorn-22360.exe
2332	Unicorn-22360.exe
1928	Unicorn-1193.exe
1928	Unicorn-1193.exe
2844	Unicorn-5287.exe
2844	Unicorn-5287.exe
2616	Unicorn-38728.exe
2616	Unicorn-38728.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2552	892	WerFault.exe	74
2052	1372	WerFault.exe	76

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34563.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3999.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe
2156	Unicorn-12552.exe
2864	Unicorn-33968.exe
2772	Unicorn-38567.exe
2844	Unicorn-5287.exe
2788	Unicorn-16261.exe
2616	Unicorn-38728.exe
2660	Unicorn-27030.exe
1732	Unicorn-13040.exe
1700	Unicorn-7482.exe
2580	Unicorn-27348.exe
2892	Unicorn-9314.exe
264	Unicorn-3449.exe
2992	Unicorn-56683.exe
2956	Unicorn-51852.exe
2332	Unicorn-22360.exe
1928	Unicorn-1193.exe
2432	Unicorn-48484.exe
1568	Unicorn-30872.exe
1860	Unicorn-22325.exe
572	Unicorn-10024.exe
2320	Unicorn-16155.exe
3060	Unicorn-27150.exe
928	Unicorn-31256.exe
1552	Unicorn-61826.exe
2768	Unicorn-48334.exe
1308	Unicorn-15889.exe
2572	Unicorn-47208.exe
2476	Unicorn-8863.exe
832	Unicorn-25125.exe
2744	Unicorn-57462.exe
2088	Unicorn-5884.exe
2732	Unicorn-9147.exe
1804	Unicorn-9989.exe
2652	Unicorn-3859.exe
2080	Unicorn-55661.exe
2092	Unicorn-23454.exe
1312	Unicorn-44237.exe
2940	Unicorn-4678.exe
1756	Unicorn-14226.exe
2164	Unicorn-39053.exe
2160	Unicorn-28529.exe
2192	Unicorn-22663.exe
2208	Unicorn-28794.exe
892	Unicorn-28602.exe
1372	Unicorn-53874.exe
2324	Unicorn-28794.exe
2072	Unicorn-22471.exe
1976	Unicorn-25897.exe
1824	Unicorn-23314.exe
2480	Unicorn-62026.exe
1708	Unicorn-56161.exe
1688	Unicorn-62291.exe
2004	Unicorn-56737.exe
2456	Unicorn-53361.exe
1020	Unicorn-62291.exe
2380	Unicorn-62867.exe
2836	Unicorn-8985.exe
2852	Unicorn-33297.exe
2792	Unicorn-4154.exe
2752	Unicorn-25513.exe
2628	Unicorn-45379.exe
1144	Unicorn-45379.exe
2804	Unicorn-31264.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2156	2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe	30
PID 2236 wrote to memory of 2156	2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe	30
PID 2236 wrote to memory of 2156	2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe	30
PID 2236 wrote to memory of 2156	2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe	30
PID 2156 wrote to memory of 2772	2156	Unicorn-12552.exe	31
PID 2156 wrote to memory of 2772	2156	Unicorn-12552.exe	31
PID 2156 wrote to memory of 2772	2156	Unicorn-12552.exe	31
PID 2156 wrote to memory of 2772	2156	Unicorn-12552.exe	31
PID 2236 wrote to memory of 2864	2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe	32
PID 2236 wrote to memory of 2864	2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe	32
PID 2236 wrote to memory of 2864	2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe	32
PID 2236 wrote to memory of 2864	2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe	32
PID 2236 wrote to memory of 2788	2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe	34
PID 2236 wrote to memory of 2788	2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe	34
PID 2236 wrote to memory of 2788	2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe	34
PID 2236 wrote to memory of 2788	2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe	34
PID 2864 wrote to memory of 2844	2864	Unicorn-33968.exe	35
PID 2864 wrote to memory of 2844	2864	Unicorn-33968.exe	35
PID 2864 wrote to memory of 2844	2864	Unicorn-33968.exe	35
PID 2864 wrote to memory of 2844	2864	Unicorn-33968.exe	35
PID 2156 wrote to memory of 2660	2156	Unicorn-12552.exe	33
PID 2156 wrote to memory of 2660	2156	Unicorn-12552.exe	33
PID 2156 wrote to memory of 2660	2156	Unicorn-12552.exe	33
PID 2156 wrote to memory of 2660	2156	Unicorn-12552.exe	33
PID 2772 wrote to memory of 2616	2772	Unicorn-38567.exe	36
PID 2772 wrote to memory of 2616	2772	Unicorn-38567.exe	36
PID 2772 wrote to memory of 2616	2772	Unicorn-38567.exe	36
PID 2772 wrote to memory of 2616	2772	Unicorn-38567.exe	36
PID 2616 wrote to memory of 1732	2616	Unicorn-38728.exe	37
PID 2616 wrote to memory of 1732	2616	Unicorn-38728.exe	37
PID 2616 wrote to memory of 1732	2616	Unicorn-38728.exe	37
PID 2616 wrote to memory of 1732	2616	Unicorn-38728.exe	37
PID 2772 wrote to memory of 1700	2772	Unicorn-38567.exe	38
PID 2772 wrote to memory of 1700	2772	Unicorn-38567.exe	38
PID 2772 wrote to memory of 1700	2772	Unicorn-38567.exe	38
PID 2772 wrote to memory of 1700	2772	Unicorn-38567.exe	38
PID 2864 wrote to memory of 2992	2864	Unicorn-33968.exe	39
PID 2864 wrote to memory of 2992	2864	Unicorn-33968.exe	39
PID 2864 wrote to memory of 2992	2864	Unicorn-33968.exe	39
PID 2864 wrote to memory of 2992	2864	Unicorn-33968.exe	39
PID 2660 wrote to memory of 2580	2660	Unicorn-27030.exe	40
PID 2660 wrote to memory of 2580	2660	Unicorn-27030.exe	40
PID 2660 wrote to memory of 2580	2660	Unicorn-27030.exe	40
PID 2660 wrote to memory of 2580	2660	Unicorn-27030.exe	40
PID 2788 wrote to memory of 2956	2788	Unicorn-16261.exe	41
PID 2788 wrote to memory of 2956	2788	Unicorn-16261.exe	41
PID 2788 wrote to memory of 2956	2788	Unicorn-16261.exe	41
PID 2788 wrote to memory of 2956	2788	Unicorn-16261.exe	41
PID 2236 wrote to memory of 2892	2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe	42
PID 2236 wrote to memory of 2892	2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe	42
PID 2236 wrote to memory of 2892	2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe	42
PID 2236 wrote to memory of 2892	2236	cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe	42
PID 2156 wrote to memory of 264	2156	Unicorn-12552.exe	43
PID 2156 wrote to memory of 264	2156	Unicorn-12552.exe	43
PID 2156 wrote to memory of 264	2156	Unicorn-12552.exe	43
PID 2156 wrote to memory of 264	2156	Unicorn-12552.exe	43
PID 2844 wrote to memory of 2332	2844	Unicorn-5287.exe	44
PID 2844 wrote to memory of 2332	2844	Unicorn-5287.exe	44
PID 2844 wrote to memory of 2332	2844	Unicorn-5287.exe	44
PID 2844 wrote to memory of 2332	2844	Unicorn-5287.exe	44
PID 1732 wrote to memory of 1928	1732	Unicorn-13040.exe	45
PID 1732 wrote to memory of 1928	1732	Unicorn-13040.exe	45
PID 1732 wrote to memory of 1928	1732	Unicorn-13040.exe	45
PID 1732 wrote to memory of 1928	1732	Unicorn-13040.exe	45

C:\Users\Admin\AppData\Local\Temp\cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe
"C:\Users\Admin\AppData\Local\Temp\cd555f298f2d0e28df80387814855f4a5f20fd2b37559aa4fc8ad927e254f8ecN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1193.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48334.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
        9⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
        9⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe
        9⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2471.exe
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        8⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2218.exe
        8⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
        9⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
        9⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
        8⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
        8⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58564.exe
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        8⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        7⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        7⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe
        7⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54033.exe
        7⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61429.exe
        7⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4153.exe
        6⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46680.exe
        7⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        7⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
        7⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58031.exe
        6⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
        6⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe
        6⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48803.exe
        6⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48484.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
        8⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1162.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45300.exe
        8⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47315.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38961.exe
        8⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        8⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20669.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
        7⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe
        7⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18300.exe
        6⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        7⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54903.exe
        7⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17587.exe
        7⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
        6⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54568.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        7⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
        7⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43836.exe
        6⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        6⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe
        6⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 240
        7⤵
        Program crash
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        6⤵
        
        PID:664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
        6⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
        7⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
        6⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
        6⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48803.exe
        6⤵
        
        PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        6⤵
        
        PID:520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
        6⤵
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41729.exe
        6⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34845.exe
        5⤵
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe
        5⤵
        
        PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
        5⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
        5⤵
        
        PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5884.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62291.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        8⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52374.exe
        7⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        6⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
        6⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
        6⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20145.exe
        6⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        6⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28764.exe
        6⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64502.exe
        5⤵
        
        PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5192.exe
        5⤵
        
        PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28602.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 188
        6⤵
        Program crash
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        5⤵
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        6⤵
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2531.exe
        6⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58786.exe
        6⤵
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46027.exe
        5⤵
        
        PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2510.exe
      4⤵
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65429.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13498.exe
        5⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        5⤵
        
        PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
      4⤵
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52924.exe
        5⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
        5⤵
        
        PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
      4⤵
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
      4⤵
      PID:6048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27030.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27348.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14033.exe
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4027.exe
        7⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        6⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63273.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
        6⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        6⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        6⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8985.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52461.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        6⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
        5⤵
        
        PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        5⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        5⤵
        
        PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28794.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        6⤵
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe
        6⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
        6⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62888.exe
        5⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5490.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        5⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32204.exe
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22471.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        5⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
        6⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe
        6⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42284.exe
        6⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        5⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
        5⤵
        
        PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
        5⤵
        
        PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11388.exe
      4⤵
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        5⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2531.exe
        5⤵
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58786.exe
        5⤵
        
        PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11242.exe
      4⤵
      PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
      4⤵
      PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
      4⤵
      PID:6876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3449.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        6⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
        6⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        6⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3798.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50313.exe
        6⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14953.exe
        5⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35123.exe
        6⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        5⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
        5⤵
        
        PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28021.exe
        5⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        6⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22210.exe
        6⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
        6⤵
        
        PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57912.exe
        5⤵
        
        PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        5⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28764.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
      4⤵
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41154.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42284.exe
        5⤵
        
        PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3999.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
      4⤵
      PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9363.exe
      4⤵
      PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe
      4⤵
      PID:6516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10131.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        5⤵
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        5⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        5⤵
        
        PID:6644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32436.exe
      4⤵
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11065.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63071.exe
        5⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58620.exe
        5⤵
        
        PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38547.exe
      4⤵
      PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
      4⤵
      PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
      4⤵
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
      4⤵
      PID:5984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53361.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29560.exe
      4⤵
      PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59708.exe
      4⤵
      PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
      4⤵
      PID:6032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39301.exe
    3⤵
    PID:1728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48778.exe
    3⤵
    PID:4084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
    3⤵
    PID:4840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27985.exe
    3⤵
    PID:2296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22360.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
        6⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        7⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4433.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
        7⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
        7⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12032.exe
        6⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14033.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        8⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        7⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        7⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
        7⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63671.exe
        6⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        6⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57835.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        6⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64102.exe
        5⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
        6⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
        6⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5103.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53203.exe
        5⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        5⤵
        
        PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe
        5⤵
        
        PID:620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        6⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        6⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        6⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
        5⤵
        
        PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
      4⤵
      PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49366.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21311.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
      4⤵
      PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43468.exe
      4⤵
      PID:6612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56683.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56683.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4154.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10131.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9846.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        6⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        5⤵
        
        PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19939.exe
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56908.exe
        5⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        5⤵
        
        PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33297.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        5⤵
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        6⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
        6⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
        5⤵
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37271.exe
        5⤵
        
        PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37646.exe
      4⤵
      PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
      4⤵
      PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
      4⤵
      PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe
      4⤵
      PID:5964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10024.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26971.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59708.exe
        5⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
        5⤵
        
        PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
      4⤵
      PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34297.exe
        5⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30441.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
      4⤵
      PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
      4⤵
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe
      4⤵
      PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
      4⤵
      PID:6460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16166.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
      4⤵
      PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe
      4⤵
      PID:6476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2723.exe
    3⤵
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11288.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
      4⤵
      PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59708.exe
      4⤵
      PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
      4⤵
      PID:5364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19403.exe
    3⤵
    PID:3400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
    3⤵
    PID:3164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
    3⤵
    PID:4960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34563.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16261.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16261.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        6⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        6⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        5⤵
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51048.exe
        5⤵
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
        5⤵
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
        5⤵
        
        PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25513.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        5⤵
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52600.exe
        5⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        5⤵
        
        PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
        5⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
      4⤵
      PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
      4⤵
      PID:5276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
      4⤵
      Executes dropped EXE
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        5⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
        6⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        6⤵
        
        PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
        6⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62777.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46141.exe
        5⤵
        
        PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63516.exe
        5⤵
        
        PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
      4⤵
      PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53008.exe
      4⤵
      PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1393.exe
      4⤵
      PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
      4⤵
      PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
      4⤵
      PID:6884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56161.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24477.exe
      4⤵
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40279.exe
        5⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
        5⤵
        
        PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8470.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
      4⤵
      PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64502.exe
    3⤵
    PID:692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
      4⤵
      PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59708.exe
      4⤵
      PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
    3⤵
    PID:4072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
    3⤵
    PID:4360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57438.exe
    3⤵
    PID:5184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
    3⤵
    PID:5720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23454.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62291.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        6⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56343.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35946.exe
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
        8⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
        7⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37271.exe
        7⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
        6⤵
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54691.exe
        6⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35767.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
        6⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55955.exe
        5⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2531.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58786.exe
        6⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53366.exe
        5⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        6⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        6⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
        6⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47556.exe
        5⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        5⤵
        
        PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-304.exe
        5⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        6⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        6⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
        6⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40955.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
        5⤵
        
        PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
        5⤵
        
        PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5523.exe
      4⤵
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
        5⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
        5⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
        5⤵
        
        PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
      4⤵
      PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
      4⤵
      PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61429.exe
      4⤵
      PID:5592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28794.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        5⤵
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8553.exe
        6⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33407.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        6⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
        6⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        6⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30386.exe
        5⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        5⤵
        
        PID:6536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57081.exe
      4⤵
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
        5⤵
        
        PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
        5⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        5⤵
        
        PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52166.exe
      4⤵
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
        5⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17971.exe
        5⤵
        
        PID:6828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
      4⤵
      PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
      4⤵
      PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16610.exe
      4⤵
      PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51009.exe
      4⤵
      PID:6396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22663.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
      4⤵
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe
        5⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42284.exe
        5⤵
        
        PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46680.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
      4⤵
      PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
      4⤵
      PID:3012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe
    3⤵
    PID:2408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
    3⤵
    PID:3336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe
    3⤵
    PID:3292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
    3⤵
    PID:4856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
    3⤵
    PID:5872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
      4⤵
      PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
      4⤵
      PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
      4⤵
      PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
      4⤵
      PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
      4⤵
      PID:5800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe
    3⤵
    PID:1612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54691.exe
    3⤵
    PID:3264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
    3⤵
    PID:4220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
    3⤵
    PID:4312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26723.exe
    3⤵
    PID:5344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
    3⤵
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
      4⤵
      PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
      4⤵
      PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
      4⤵
      PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4027.exe
      4⤵
      PID:5528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
    3⤵
    PID:2944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
    3⤵
    PID:3352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
    3⤵
    PID:4800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1359.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1359.exe
  2⤵
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
    3⤵
    PID:3604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
    3⤵
    PID:3952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
    3⤵
    PID:5056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4027.exe
    3⤵
    PID:5496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
  2⤵
  PID:1848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
  2⤵
  PID:3676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
  2⤵
  PID:4796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
  2⤵
  PID:5884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1193.exe

Filesize
468KB

MD5
7e8197cb7c151875337779f6ff3e7e75

SHA1
2a45e398f6c012e861fac8dcacbbe99d94b741e9

SHA256
df6aacc497ec37e0a6703fbc3d0b224324dd379476bd19073e665e1f0c4171f0

SHA512
f476bc536c039f773b45a5ef09fba71609182f6d0196f5648f5a824e02136e16970c85a4f92b996eab63023be6816c774d0898ba735a30893fada5b54b7b4e9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe

Filesize
468KB

MD5
b73aef4073ecac95467ba6f96745cc64

SHA1
3100927ff1cf1c586d3166c80f4a50e723fcc3f5

SHA256
7df0ecef6625aebaf867101d8fc6f3ffa8a16ec90a0c71ff3adbbd1b2f2dcc88

SHA512
5d91d94ff27f009caf082b1835e4c3889fd62ba669e5d22617c97fe6e68ae52fca1cb7bbb039d2f81217f4c965545ec1437da67dd2c856301ac4a22bfc3a30ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27030.exe

Filesize
468KB

MD5
cdb721c257bf473c71a34b002a9fa34e

SHA1
97a1164b61e33f0f9efbef065d7ac7f446116436

SHA256
25cc5b2833a804617f7a2285bdce32e1639640bb31cfc5ad1d4471eacad15036

SHA512
04dfeb03ad5f63c9bcbb0c526dd602ee585fe39ac5b006d2f385a0510b3ad1f75f8fed6d71e2603db492c8f37fcd35915b70cfe02dc68c8dbf3ef0353e02f6ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe

Filesize
468KB

MD5
3c5c2248ed4e3058c16300f5d6ab27ac

SHA1
889c997b7f01694432b418330b60f63f59a30edd

SHA256
c62110b7b63e3fcb086c9e1a5672d5ba519a7c1a6a6520105f05abf5188f4a2a

SHA512
620632e35be2a413fdbe418b8b1ca9a0a89e159844b822a485bd93adc0791513e00d3798d8897c9e41aa607b983c038a8ec970b35d56c43b853e51b178cc859a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe

Filesize
468KB

MD5
a16e02c843903f7f71c4c9b2bfa0faeb

SHA1
8a1cc9aa778fa6ef763c5f4eec96140955f9e18c

SHA256
886c4a813c98a96835e5cafe29065acc6c1d23a06c53bd0f0b29a4b2f2991979

SHA512
619f226b2502faa17818d0acffe0dce6df5679629591594a28d5f88e4f290875b975d0b7471be019741b05464d4fc4fc14d397c3199e54ef221b246b20a24a34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe

Filesize
468KB

MD5
592e7e5d1b6b7475039a252591677fd0

SHA1
782417633d22e2e24e3b7172c03dfded2b5cf9f3

SHA256
342136368f1adf0a05964dfcc2d482eee67df6c4bfdeb8b06f0819eb3d0e05a5

SHA512
e47d96316634c9b7d52296d5ebbb7db4ea60e4969969652e06fc8d67c4078299dbe9e03f2ad195342415a447e3696ff68d1c061a82e32a39e43af49ce1d2b45e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe

Filesize
468KB

MD5
7e13235edc676112e6f69072bb6dfd42

SHA1
64b4510e321ea117b141209198ef80f9f9cc7e25

SHA256
8710206a421547372d320620ff7341455ecc732cb11b1bb54c60491080ac9ca9

SHA512
83a7c698d96209004dc1ea95e51592af3f4e686fd5e902176feb94ea986fba4205b8dd072c691a6c8c5242acfd64b0ba71b3e8e0527f1f3439705e673a8903dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe

Filesize
468KB

MD5
96bbda74100b97290b137f845494a68b

SHA1
23e7c82e9b223c862836f035917393ff7c420a2a

SHA256
4cbc6907cb5eac06326458ed2252b25353d86c427ecb40ca545bd0ce862e4276

SHA512
d32c124f64bf45074733d48e74db8ea419fa1f41c7c5e3e06ee3aae8b325504143e08b3ab677afda1ae70a4448f8044dbea9d578a665ed963385037734dc14a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe

Filesize
468KB

MD5
306b1a1a021ff5c0508a454bc483010f

SHA1
463eb2af70a2dc462773b9aae950badea9be34af

SHA256
e41969d1464be02398d19048ebd9e07a47e77803741c80f1a176903ba1ca1d24

SHA512
f42a6f0ac7fae98b461d2fa89091a245480a12a3ff0dfb353d8b687ef04b24852f7cf73511bb28bfd401eeb6d3fa3b8b76e6f53fe8b9b023ea7f72f146cb88ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16261.exe

Filesize
468KB

MD5
8a4f005cd41bce3e3c38401700f5f8b1

SHA1
4ab10f8179a8fcb318f871f7a31117ff68eb2896

SHA256
f95fb93064383675b0fb151c5775a22e3ad28a6f81e943c1b3efd017b55a5b5a

SHA512
aafc4fa5f604d56d2bdcdd8cbc60daaa13ce87b949f97937fadf14d8c9596b147c8d2895e64d48641d4d9cba29b9a99e8abdc00114a7c5a2be1d627ba82f4453

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22360.exe

Filesize
468KB

MD5
d87bf811adc9779387eff5d8981bf363

SHA1
53d2642a9c3c6ce26518c776bfd2bcbefe5a6c6b

SHA256
1d67bd5499c2b268ed09ac95e680a84e3f2edf379a32d2398b2e93d2c1b4c34c

SHA512
5f386f6f836d562bf433da94a9b37434a30e66329ee7261e516b1515fa2d70501a0a89b68563d543920ca5d4dd73d96c74b7161f3c69a89fa6c2f5d45a39b30a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27348.exe

Filesize
468KB

MD5
f2aef3b0bc9721a94b8a4303be3387df

SHA1
2708cb84a41c010d4a81b500350e5a3135dc4ec8

SHA256
80c46994c2f626e1ce1c14eaf3ffb4771a4da4c2923b64c80b5bb3b023454f1c

SHA512
60387ee7ed7acfc7582f60f2b8a08c6ff75b13ee531fcc3de7a1b1d2d033dc7e9fa1e8acb52c31fff641f7becc1ec75340d1090d12ee3a0e17c8660c4a1aa329

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe

Filesize
468KB

MD5
b3e0b470c7de258e42004d1f2630e826

SHA1
fffc5f8afa93f6eb380c03b3efc8e89bc2ab624b

SHA256
9d868b3becf5d2232f0b2e5e60223deb1ff5278cfa70da37147374b5371a38c3

SHA512
1de7cfc70cc850d2ed7e6864617a9c6b1fd1b63941e5de507eeaba70a9b7b1437bb489e0883d1247bd3898cd90c09c07b06b40c2dd6dbfdb4ca3d1b36158e974

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3449.exe

Filesize
468KB

MD5
3a9837f6ff678dab06a2ec7e70f40cc1

SHA1
35e88d50ecf7b755acf0632bad1547d82198e96d

SHA256
83225c3f8c4db37b12ae4a6777f61d62d9a5af1588837b9389be1cdd6b69e2bc

SHA512
179c1517f7b9c156a03b8033275dd4378694436bfc1af0e69931560265aeecf1c8b00b218d05e1b1b0cc0305be655b05b73a530643a81e350cd27870fe68aef0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe

Filesize
468KB

MD5
9a559122668b2c8094ad4680955ce8e9

SHA1
315833cb63c15df1879ee4bf33481c6287770172

SHA256
82d6b63d3e0c641476aa45044c9a2458e1484a8e27f0a03aabaedd9f5083d17b

SHA512
393718862f7fb0ce62988b4bf8a72aad0f2c42d1f3b72ce63f224080bac3000e506521cce559e7dee441acb4057cb94ebe08d23a701124cea9189e40774b6a59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe

Filesize
468KB

MD5
2ecef00f5f88a959340db0404b8b9029

SHA1
921e9b86d8eba2f162fc2d91ed701977624444fd

SHA256
c6fa8752b8d5afa3cac805aa863f790a262539790f0dc9d34161c9397cc93509

SHA512
b6b00f467928467e5bca2815a4adfabd0a082d57b9d3b98f04dbf99f990fcbfdcb7efac53a5e6e7dea0608bd12fed4c32c28732a00ac74dcc4e847f2fb3cdad5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48484.exe

Filesize
468KB

MD5
fa1e7e8111cd314fa6901f24fd01795a

SHA1
67aa74ad624b7afebdf5a7e3bb8dec873c26982b

SHA256
43de60b3ef155df029b9f5f1a8f9ba19997d2cee1893b802133c158edd5f0cd3

SHA512
25f4a323a7569e657dbfebf3d6cdfbdcec6a3eea96e8064fac0e731e835988a84de5377d65df356b9d613352baeb1af19354ac559a9e5cd170086b6aae7d2181

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe

Filesize
468KB

MD5
d80bb9f83666f277ce5c9dc9a0b19b00

SHA1
f4f28fecf2b8930ec410ba3203be77d5b2c47890

SHA256
c0c3d5dc71401a6e8e2427e59293d696fb2124dfc7925c6e6cc2c0bcf723f12b

SHA512
91fb8605effbc0569e14fb99aca263dee85c32d136afcea4681e308f0a7877a45d733747da9752adafd6860e96c0eeb2ce7d5e3f5a9ed27b39d28fde598e34e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56683.exe

Filesize
468KB

MD5
17d8179980d6f5e30bae110a94ccc00a

SHA1
eaa67f0c89c36b34dc1edbc68dc2d7aa6671a4e9

SHA256
728356eda731142c3494c2cd75a8952586a2e825fb749ab1552a91974424e485

SHA512
4073c85ba63c6282753e2fa6040c673449ae58e87465b0437afc4e423d06dda408cf59d55ecc5c49c5bf1fa0498ba0f0f5a040fa9fd03ab31c44ea991b484992

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe

Filesize
468KB

MD5
e67b79ac0e5104fbcde2be1fe4a27eef

SHA1
1e1f86c98d95119b571c9bd84bc20c138ea20d7f

SHA256
0594385723c1521aae5010e1a151614f1637aaffed85a8ca3b21abff9cc8dac8

SHA512
92352fbf923990c71da6a3b5919b7581ee2013d1d7730b53b47b4e5ba644f79874c5c46c0e5f57b799269179075ef435d88e2df82ac35becc3758cacd7e32b38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe

Filesize
468KB

MD5
bc8ee5c982b81b3c620803bb0c7e8b89

SHA1
1c468de9cb4805bb4a4cdf06a779800a8bd23c5b

SHA256
4384d9dbc4753adf01a33bb04b2a2aaddd1fd85634c16942f3e9afb1afeb6489

SHA512
a0b8d64ff1c7294d184a6eddfdcd85290fa00ba2c6f72e705eb0f38ca0cd8524a3ccf69fe04b672f860381f3a89cf8566e4a2292787de4de3981da7546232f24

Download Submit
memory/264-287-0x0000000000620000-0x0000000000695000-memory.dmp

Filesize
468KB

Download
memory/264-305-0x0000000000620000-0x0000000000695000-memory.dmp

Filesize
468KB

Download
memory/264-166-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/572-281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/832-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/928-269-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1308-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1312-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1552-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1568-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1568-388-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/1700-382-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1700-376-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1700-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1732-363-0x0000000001FF0000-0x0000000002065000-memory.dmp

Filesize
468KB

Download
memory/1732-372-0x0000000001FF0000-0x0000000002065000-memory.dmp

Filesize
468KB

Download
memory/1732-95-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1732-197-0x0000000002B20000-0x0000000002B95000-memory.dmp

Filesize
468KB

Download
memory/1732-196-0x0000000002B20000-0x0000000002B95000-memory.dmp

Filesize
468KB

Download
memory/1804-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1928-336-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1928-337-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1928-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2080-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2088-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2092-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2156-297-0x0000000001E00000-0x0000000001E75000-memory.dmp

Filesize
468KB

Download
memory/2156-65-0x00000000027B0000-0x0000000002825000-memory.dmp

Filesize
468KB

Download
memory/2156-283-0x0000000001E00000-0x0000000001E75000-memory.dmp

Filesize
468KB

Download
memory/2156-26-0x00000000027B0000-0x0000000002825000-memory.dmp

Filesize
468KB

Download
memory/2156-162-0x0000000001E00000-0x0000000001E75000-memory.dmp

Filesize
468KB

Download
memory/2156-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2156-160-0x0000000001E00000-0x0000000001E75000-memory.dmp

Filesize
468KB

Download
memory/2236-248-0x00000000033D0000-0x0000000003445000-memory.dmp

Filesize
468KB

Download
memory/2236-158-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2236-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2236-389-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2236-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2236-27-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2236-7-0x00000000033D0000-0x0000000003445000-memory.dmp

Filesize
468KB

Download
memory/2236-159-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2236-11-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2320-427-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2320-426-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2320-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2332-334-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2332-195-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2332-332-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2432-362-0x0000000002740000-0x00000000027B5000-memory.dmp

Filesize
468KB

Download
memory/2432-371-0x0000000002740000-0x00000000027B5000-memory.dmp

Filesize
468KB

Download
memory/2432-214-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2476-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2572-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2580-229-0x0000000001DF0000-0x0000000001E65000-memory.dmp

Filesize
468KB

Download
memory/2580-230-0x0000000001DF0000-0x0000000001E65000-memory.dmp

Filesize
468KB

Download
memory/2580-142-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2616-212-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2616-213-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2616-357-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2616-93-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2616-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2652-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2660-246-0x0000000002910000-0x0000000002985000-memory.dmp

Filesize
468KB

Download
memory/2660-244-0x0000000002910000-0x0000000002985000-memory.dmp

Filesize
468KB

Download
memory/2660-139-0x0000000002910000-0x0000000002985000-memory.dmp

Filesize
468KB

Download
memory/2660-125-0x0000000002910000-0x0000000002985000-memory.dmp

Filesize
468KB

Download
memory/2660-69-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2732-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2744-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2768-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2772-272-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/2772-259-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/2788-140-0x0000000001E50000-0x0000000001EC5000-memory.dmp

Filesize
468KB

Download
memory/2788-128-0x0000000001E50000-0x0000000001EC5000-memory.dmp

Filesize
468KB

Download
memory/2788-66-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2788-289-0x0000000001E50000-0x0000000001EC5000-memory.dmp

Filesize
468KB

Download
memory/2788-304-0x0000000001E50000-0x0000000001EC5000-memory.dmp

Filesize
468KB

Download
memory/2844-358-0x0000000000370000-0x00000000003E5000-memory.dmp

Filesize
468KB

Download
memory/2844-187-0x0000000000370000-0x00000000003E5000-memory.dmp

Filesize
468KB

Download
memory/2844-74-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2844-186-0x0000000000370000-0x00000000003E5000-memory.dmp

Filesize
468KB

Download
memory/2844-354-0x0000000000370000-0x00000000003E5000-memory.dmp

Filesize
468KB

Download
memory/2864-276-0x0000000001D40000-0x0000000001DB5000-memory.dmp

Filesize
468KB

Download
memory/2864-280-0x0000000001D40000-0x0000000001DB5000-memory.dmp

Filesize
468KB

Download
memory/2892-236-0x00000000028C0000-0x0000000002935000-memory.dmp

Filesize
468KB

Download
memory/2892-235-0x00000000028C0000-0x0000000002935000-memory.dmp

Filesize
468KB

Download
memory/2892-416-0x00000000033F0000-0x0000000003465000-memory.dmp

Filesize
468KB

Download
memory/2892-164-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2892-417-0x00000000033F0000-0x0000000003465000-memory.dmp

Filesize
468KB

Download
memory/2956-161-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2956-256-0x0000000002720000-0x0000000002795000-memory.dmp

Filesize
468KB

Download
memory/2956-267-0x0000000002720000-0x0000000002795000-memory.dmp

Filesize
468KB

Download
memory/2992-120-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2992-296-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/2992-285-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/3060-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download