d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe
Size

468KB
MD5

75d0c527bbfb22df20f619bf80379330
SHA1

a58805bf27c4ecba641f3d0d28e4f0f2a049e963
SHA256

d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710
SHA512

060ee171f32e2f1fbed249bf295e23a16a65c94f701f25ad9b8caa88f66fd683134610c98c9197b6b3f3ba22bacae9f2f8d0b25763ac65d96cec71814199f54f
SSDEEP

3072:8qb8ogWxj28U2bYcPz3gqf8/lCZjG4plPmHx8/Hf3zg+xGrN+nl/:8qIoxXU2XPDgqf0EcK3zXArN+

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2764	Unicorn-18799.exe
2408	Unicorn-41606.exe
2396	Unicorn-13572.exe
2656	Unicorn-20893.exe
2360	Unicorn-55795.exe
3052	Unicorn-36352.exe
2012	Unicorn-32822.exe
3016	Unicorn-56383.exe
2016	Unicorn-38245.exe
2284	Unicorn-25631.exe
664	Unicorn-25823.exe
1888	Unicorn-1930.exe
2808	Unicorn-25823.exe
2072	Unicorn-55158.exe
2520	Unicorn-60725.exe
392	Unicorn-27873.exe
1832	Unicorn-20966.exe
1936	Unicorn-8199.exe
980	Unicorn-22043.exe
1768	Unicorn-36918.exe
1596	Unicorn-4245.exe
564	Unicorn-52029.exe
236	Unicorn-3897.exe
2444	Unicorn-40291.exe
2152	Unicorn-19081.exe
2440	Unicorn-22611.exe
1484	Unicorn-24648.exe
2060	Unicorn-54713.exe
264	Unicorn-22611.exe
2784	Unicorn-22346.exe
2568	Unicorn-31760.exe
2556	Unicorn-36507.exe
3036	Unicorn-63664.exe
2896	Unicorn-43991.exe
1952	Unicorn-32253.exe
2916	Unicorn-56757.exe
2604	Unicorn-17571.exe
924	Unicorn-42533.exe
1432	Unicorn-42533.exe
2872	Unicorn-31027.exe
1852	Unicorn-39387.exe
2128	Unicorn-8900.exe
1556	Unicorn-45138.exe
2452	Unicorn-25272.exe
904	Unicorn-50161.exe
2252	Unicorn-4489.exe
2044	Unicorn-7784.exe
1772	Unicorn-5375.exe
1288	Unicorn-11505.exe
680	Unicorn-60898.exe
596	Unicorn-60898.exe
1844	Unicorn-60898.exe
1120	Unicorn-54768.exe
1664	Unicorn-45520.exe
2076	Unicorn-22476.exe
1084	Unicorn-31142.exe
2692	Unicorn-31407.exe
2708	Unicorn-17300.exe
2756	Unicorn-23431.exe
1172	Unicorn-18557.exe
2936	Unicorn-22279.exe
1708	Unicorn-38837.exe
2632	Unicorn-29435.exe
1912	Unicorn-38252.exe

Loads dropped DLL 64 IoCs

pid	Process
2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe
2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe
2764	Unicorn-18799.exe
2764	Unicorn-18799.exe
2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe
2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe
2408	Unicorn-41606.exe
2408	Unicorn-41606.exe
2764	Unicorn-18799.exe
2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe
2396	Unicorn-13572.exe
2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe
2396	Unicorn-13572.exe
2764	Unicorn-18799.exe
2656	Unicorn-20893.exe
2656	Unicorn-20893.exe
2408	Unicorn-41606.exe
2408	Unicorn-41606.exe
2360	Unicorn-55795.exe
2360	Unicorn-55795.exe
2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe
2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe
2012	Unicorn-32822.exe
2012	Unicorn-32822.exe
3052	Unicorn-36352.exe
3052	Unicorn-36352.exe
2396	Unicorn-13572.exe
2764	Unicorn-18799.exe
2396	Unicorn-13572.exe
2764	Unicorn-18799.exe
3016	Unicorn-56383.exe
3016	Unicorn-56383.exe
2656	Unicorn-20893.exe
2016	Unicorn-38245.exe
2656	Unicorn-20893.exe
2016	Unicorn-38245.exe
2408	Unicorn-41606.exe
2408	Unicorn-41606.exe
2284	Unicorn-25631.exe
2284	Unicorn-25631.exe
664	Unicorn-25823.exe
664	Unicorn-25823.exe
2360	Unicorn-55795.exe
2360	Unicorn-55795.exe
2012	Unicorn-32822.exe
2012	Unicorn-32822.exe
2808	Unicorn-25823.exe
2808	Unicorn-25823.exe
3052	Unicorn-36352.exe
3052	Unicorn-36352.exe
2072	Unicorn-55158.exe
1888	Unicorn-1930.exe
1888	Unicorn-1930.exe
2764	Unicorn-18799.exe
2072	Unicorn-55158.exe
2396	Unicorn-13572.exe
2764	Unicorn-18799.exe
2396	Unicorn-13572.exe
2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe
2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe
392	Unicorn-27873.exe
392	Unicorn-27873.exe
3016	Unicorn-56383.exe
3016	Unicorn-56383.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60137.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64427.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe
2764	Unicorn-18799.exe
2408	Unicorn-41606.exe
2396	Unicorn-13572.exe
2656	Unicorn-20893.exe
3052	Unicorn-36352.exe
2360	Unicorn-55795.exe
2012	Unicorn-32822.exe
3016	Unicorn-56383.exe
2016	Unicorn-38245.exe
2284	Unicorn-25631.exe
664	Unicorn-25823.exe
2520	Unicorn-60725.exe
2072	Unicorn-55158.exe
1888	Unicorn-1930.exe
2808	Unicorn-25823.exe
392	Unicorn-27873.exe
1936	Unicorn-8199.exe
1832	Unicorn-20966.exe
980	Unicorn-22043.exe
1768	Unicorn-36918.exe
1596	Unicorn-4245.exe
2444	Unicorn-40291.exe
564	Unicorn-52029.exe
236	Unicorn-3897.exe
2440	Unicorn-22611.exe
1484	Unicorn-24648.exe
264	Unicorn-22611.exe
2152	Unicorn-19081.exe
2060	Unicorn-54713.exe
2784	Unicorn-22346.exe
2568	Unicorn-31760.exe
2556	Unicorn-36507.exe
2916	Unicorn-56757.exe
2604	Unicorn-17571.exe
3036	Unicorn-63664.exe
2896	Unicorn-43991.exe
1952	Unicorn-32253.exe
924	Unicorn-42533.exe
1432	Unicorn-42533.exe
2872	Unicorn-31027.exe
1852	Unicorn-39387.exe
2128	Unicorn-8900.exe
1556	Unicorn-45138.exe
2452	Unicorn-25272.exe
904	Unicorn-50161.exe
2252	Unicorn-4489.exe
1288	Unicorn-11505.exe
1772	Unicorn-5375.exe
680	Unicorn-60898.exe
1844	Unicorn-60898.exe
1120	Unicorn-54768.exe
2044	Unicorn-7784.exe
1664	Unicorn-45520.exe
596	Unicorn-60898.exe
2076	Unicorn-22476.exe
2692	Unicorn-31407.exe
1084	Unicorn-31142.exe
2708	Unicorn-17300.exe
2756	Unicorn-23431.exe
1172	Unicorn-18557.exe
2936	Unicorn-22279.exe
1708	Unicorn-38837.exe
2632	Unicorn-29435.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2764	2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe	31
PID 2776 wrote to memory of 2764	2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe	31
PID 2776 wrote to memory of 2764	2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe	31
PID 2776 wrote to memory of 2764	2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe	31
PID 2764 wrote to memory of 2408	2764	Unicorn-18799.exe	32
PID 2764 wrote to memory of 2408	2764	Unicorn-18799.exe	32
PID 2764 wrote to memory of 2408	2764	Unicorn-18799.exe	32
PID 2764 wrote to memory of 2408	2764	Unicorn-18799.exe	32
PID 2776 wrote to memory of 2396	2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe	33
PID 2776 wrote to memory of 2396	2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe	33
PID 2776 wrote to memory of 2396	2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe	33
PID 2776 wrote to memory of 2396	2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe	33
PID 2408 wrote to memory of 2656	2408	Unicorn-41606.exe	34
PID 2408 wrote to memory of 2656	2408	Unicorn-41606.exe	34
PID 2408 wrote to memory of 2656	2408	Unicorn-41606.exe	34
PID 2408 wrote to memory of 2656	2408	Unicorn-41606.exe	34
PID 2776 wrote to memory of 2360	2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe	36
PID 2776 wrote to memory of 2360	2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe	36
PID 2776 wrote to memory of 2360	2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe	36
PID 2776 wrote to memory of 2360	2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe	36
PID 2396 wrote to memory of 3052	2396	Unicorn-13572.exe	37
PID 2396 wrote to memory of 3052	2396	Unicorn-13572.exe	37
PID 2396 wrote to memory of 3052	2396	Unicorn-13572.exe	37
PID 2396 wrote to memory of 3052	2396	Unicorn-13572.exe	37
PID 2764 wrote to memory of 2012	2764	Unicorn-18799.exe	35
PID 2764 wrote to memory of 2012	2764	Unicorn-18799.exe	35
PID 2764 wrote to memory of 2012	2764	Unicorn-18799.exe	35
PID 2764 wrote to memory of 2012	2764	Unicorn-18799.exe	35
PID 2656 wrote to memory of 3016	2656	Unicorn-20893.exe	38
PID 2656 wrote to memory of 3016	2656	Unicorn-20893.exe	38
PID 2656 wrote to memory of 3016	2656	Unicorn-20893.exe	38
PID 2656 wrote to memory of 3016	2656	Unicorn-20893.exe	38
PID 2408 wrote to memory of 2016	2408	Unicorn-41606.exe	39
PID 2408 wrote to memory of 2016	2408	Unicorn-41606.exe	39
PID 2408 wrote to memory of 2016	2408	Unicorn-41606.exe	39
PID 2408 wrote to memory of 2016	2408	Unicorn-41606.exe	39
PID 2360 wrote to memory of 2284	2360	Unicorn-55795.exe	40
PID 2360 wrote to memory of 2284	2360	Unicorn-55795.exe	40
PID 2360 wrote to memory of 2284	2360	Unicorn-55795.exe	40
PID 2360 wrote to memory of 2284	2360	Unicorn-55795.exe	40
PID 2776 wrote to memory of 1888	2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe	41
PID 2776 wrote to memory of 1888	2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe	41
PID 2776 wrote to memory of 1888	2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe	41
PID 2776 wrote to memory of 1888	2776	d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe	41
PID 2012 wrote to memory of 664	2012	Unicorn-32822.exe	42
PID 2012 wrote to memory of 664	2012	Unicorn-32822.exe	42
PID 2012 wrote to memory of 664	2012	Unicorn-32822.exe	42
PID 2012 wrote to memory of 664	2012	Unicorn-32822.exe	42
PID 3052 wrote to memory of 2808	3052	Unicorn-36352.exe	43
PID 3052 wrote to memory of 2808	3052	Unicorn-36352.exe	43
PID 3052 wrote to memory of 2808	3052	Unicorn-36352.exe	43
PID 3052 wrote to memory of 2808	3052	Unicorn-36352.exe	43
PID 2396 wrote to memory of 2072	2396	Unicorn-13572.exe	44
PID 2396 wrote to memory of 2072	2396	Unicorn-13572.exe	44
PID 2396 wrote to memory of 2072	2396	Unicorn-13572.exe	44
PID 2396 wrote to memory of 2072	2396	Unicorn-13572.exe	44
PID 2764 wrote to memory of 2520	2764	Unicorn-18799.exe	45
PID 2764 wrote to memory of 2520	2764	Unicorn-18799.exe	45
PID 2764 wrote to memory of 2520	2764	Unicorn-18799.exe	45
PID 2764 wrote to memory of 2520	2764	Unicorn-18799.exe	45
PID 3016 wrote to memory of 392	3016	Unicorn-56383.exe	46
PID 3016 wrote to memory of 392	3016	Unicorn-56383.exe	46
PID 3016 wrote to memory of 392	3016	Unicorn-56383.exe	46
PID 3016 wrote to memory of 392	3016	Unicorn-56383.exe	46

C:\Users\Admin\AppData\Local\Temp\d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe
"C:\Users\Admin\AppData\Local\Temp\d85a65fdacc8dcfabd08f268c2e94b267c87c681c66bc7fbc4677efa4a197710N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41606.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23431.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
        9⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
        10⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49081.exe
        10⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        10⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
        9⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        9⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        9⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21146.exe
        9⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        9⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        9⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30583.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe
        8⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
        8⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        8⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18557.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        8⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        9⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        9⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        9⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9640.exe
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
        8⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        8⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60051.exe
        7⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        8⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe
        8⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7471.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51472.exe
        7⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        7⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        8⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        8⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        7⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27267.exe
        7⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        7⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        7⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        7⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        7⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
        6⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60005.exe
        6⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19828.exe
        6⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        6⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8199.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56757.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        7⤵
        Executes dropped EXE
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        8⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        8⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        8⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        8⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8070.exe
        7⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        7⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        7⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        7⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe
        6⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59252.exe
        7⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
        7⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        7⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55407.exe
        6⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11130.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        6⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
        6⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        6⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        6⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        6⤵
        
        PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3598.exe
        5⤵
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35011.exe
        5⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36165.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        5⤵
        
        PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20966.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6721.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
        7⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        7⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29725.exe
        6⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        6⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
        6⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43991.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31236.exe
        6⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
        8⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25728.exe
        8⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
        8⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        8⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10901.exe
        7⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
        7⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        7⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43518.exe
        6⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        7⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
        7⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        7⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        6⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        6⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
        6⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        6⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64986.exe
        5⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        6⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5635.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        6⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe
        5⤵
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
        5⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        5⤵
        
        PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22043.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32253.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe
        6⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15203.exe
        7⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        7⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        7⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27940.exe
        6⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        6⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        6⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        5⤵
        
        PID:440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3815.exe
        6⤵
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12986.exe
        6⤵
        
        PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21805.exe
        5⤵
        
        PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11130.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        5⤵
        
        PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17571.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
        5⤵
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44690.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        6⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        6⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        6⤵
        
        PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
        5⤵
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        5⤵
        
        PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        5⤵
        
        PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27131.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62798.exe
        5⤵
        
        PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        5⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        5⤵
        
        PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22340.exe
      4⤵
      PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60245.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
      4⤵
      PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
        7⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47806.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        8⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
        8⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        8⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
        7⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        7⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        7⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3202.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
        8⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        8⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        7⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51193.exe
        7⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38435.exe
        7⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59715.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
        6⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        5⤵
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        6⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        6⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        6⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        6⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        5⤵
        
        PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59715.exe
        5⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19099.exe
        5⤵
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
        5⤵
        
        PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22845.exe
        6⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19769.exe
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
        7⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12074.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        6⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        6⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        6⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5200.exe
        5⤵
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
        6⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44367.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
        5⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
        5⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        6⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        5⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        5⤵
        
        PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
      4⤵
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        5⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        5⤵
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        5⤵
        
        PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
      4⤵
      PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
      4⤵
      PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29725.exe
      4⤵
      PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
      4⤵
      PID:6556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60725.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        6⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        6⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        6⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19858.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        5⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        5⤵
        
        PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        5⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        5⤵
        
        PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51472.exe
      4⤵
      PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
      4⤵
      PID:5772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22346.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6529.exe
        5⤵
        
        PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        5⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        5⤵
        
        PID:6860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
      4⤵
      PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
      4⤵
      PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
      4⤵
      PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
      4⤵
      PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
      4⤵
      PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
      4⤵
      PID:6972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43909.exe
    3⤵
    PID:1420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
    3⤵
    PID:5836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
    3⤵
    PID:6708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8900.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
        7⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        8⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        8⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        7⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
        6⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
        7⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        7⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22843.exe
        6⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
        6⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        6⤵
        
        PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25272.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe
        6⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44197.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        7⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
        7⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        6⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        6⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44690.exe
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
        6⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        6⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe
        5⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21095.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28995.exe
        5⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
        5⤵
        
        PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
        6⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
        7⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        7⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        7⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2733.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        6⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51879.exe
        5⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        6⤵
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        6⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        6⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        5⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        5⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        5⤵
        
        PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
        6⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        6⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        6⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3133.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35410.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
        5⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        5⤵
        
        PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
      4⤵
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        5⤵
        
        PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        5⤵
        
        PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
      4⤵
      PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
      4⤵
      PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46061.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
      4⤵
      PID:6572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22611.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51251.exe
        5⤵
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        6⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        6⤵
        
        PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
        5⤵
        
        PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
        5⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        5⤵
        
        PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7784.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        5⤵
        
        PID:984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51878.exe
        5⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        5⤵
        
        PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30518.exe
      4⤵
      PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
      4⤵
      PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
      4⤵
      PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
      4⤵
      PID:6432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28443.exe
        5⤵
        
        PID:480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
        6⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        6⤵
        
        PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        5⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
        5⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        5⤵
        
        PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
      4⤵
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        5⤵
        
        PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12986.exe
        5⤵
        
        PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
      4⤵
      PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11130.exe
      4⤵
      PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
      4⤵
      PID:6408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe
      4⤵
      PID:276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
      4⤵
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
      4⤵
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
      4⤵
      PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-972.exe
    3⤵
    PID:2716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
    3⤵
    PID:3892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35941.exe
    3⤵
    PID:4496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48956.exe
    3⤵
    PID:5496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
    3⤵
    PID:6484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        6⤵
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
        6⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        6⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        6⤵
        
        PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19336.exe
        5⤵
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60495.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
        5⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31027.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
        5⤵
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4233.exe
        6⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
        7⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62447.exe
        7⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        7⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        6⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        6⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        6⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        5⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11130.exe
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        5⤵
        
        PID:6440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
      4⤵
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28652.exe
        6⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        6⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        6⤵
        
        PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        5⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        5⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        5⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41604.exe
      4⤵
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39846.exe
        5⤵
        
        PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41567.exe
      4⤵
      PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
      4⤵
      PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13388.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
      4⤵
      PID:6548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4489.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61142.exe
        5⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63138.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        6⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        6⤵
        
        PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
        5⤵
        
        PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
        5⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        5⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        5⤵
        
        PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7452.exe
      4⤵
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4339.exe
        5⤵
        
        PID:372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        5⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        5⤵
        
        PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7721.exe
      4⤵
      PID:760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
      4⤵
      PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
      4⤵
      PID:6208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5375.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
      4⤵
      PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59169.exe
      4⤵
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30266.exe
      4⤵
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
      4⤵
      PID:6820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11879.exe
    3⤵
    PID:1280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59715.exe
    3⤵
    PID:2944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
    3⤵
    PID:4612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
    3⤵
    PID:6156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22611.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45138.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31345.exe
        5⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
        6⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
        6⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        6⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        5⤵
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9755.exe
        5⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
      4⤵
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
        5⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        5⤵
        
        PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
      4⤵
      PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
      4⤵
      PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
      4⤵
      PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50161.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
      4⤵
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50497.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        5⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        5⤵
        
        PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35618.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
      4⤵
      PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37860.exe
      4⤵
      PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
      4⤵
      PID:6844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
    3⤵
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
      4⤵
      PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
      4⤵
      PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
      4⤵
      PID:6380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
    3⤵
    PID:852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe
    3⤵
    PID:3504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19099.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19099.exe
    3⤵
    PID:4592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
    3⤵
    PID:6716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54713.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54713.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42907.exe
      4⤵
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        5⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
        5⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        5⤵
        
        PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
      4⤵
      PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
      4⤵
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
      4⤵
      PID:6276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
    3⤵
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
      4⤵
      PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
      4⤵
      PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
      4⤵
      PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
      4⤵
      PID:6876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
    3⤵
    PID:3172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13232.exe
    3⤵
    PID:4272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
    3⤵
    PID:5184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
    3⤵
    PID:6220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45520.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45520.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
    3⤵
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
      4⤵
      PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49081.exe
      4⤵
      PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
      4⤵
      PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
      4⤵
      PID:6900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46724.exe
    3⤵
    PID:2208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60495.exe
    3⤵
    PID:4728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
    3⤵
    PID:5740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
    3⤵
    PID:6192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32841.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32841.exe
  2⤵
  PID:2620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64370.exe
    3⤵
    PID:2524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
    3⤵
    PID:4196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
    3⤵
    PID:7024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
  2⤵
  PID:2960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33379.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33379.exe
  2⤵
  PID:3564
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
  2⤵
  PID:5172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11900.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11900.exe
  2⤵
  PID:6700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe

Filesize
468KB

MD5
901b55b3c6889af08c98472f35d5c824

SHA1
7415f78d09d38eacc1cded31b83a7437adecff6f

SHA256
c44e89d296e2beafd63be9b3534ab9ae409776bd972272f6857955f94e59a5fa

SHA512
54e9c311857513b062919700e4854d28049ead33dbc2bee85aed724666570a9a6a765b0380666def5c476d3a24083afcf18da3eabf1da5217b9c796935060f78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe

Filesize
468KB

MD5
0bfc5a04a1af9afd0ff744a642653296

SHA1
bd009acbb32965444160051e3e727d3115b30d0d

SHA256
d6bfa4c1b7620f27265e3c793d8dd06b17c2c642b3026cfc78b9053364413476

SHA512
c800cbf442e207d7b71bbc80823a1f6be68ee38c04705e30262c4f2970f8f164abc9d548fc0b1546bdd70584064f65c68aa398469bfdd5238fccc83d03ec6c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe

Filesize
468KB

MD5
b6ed16177664b91b3b13b384cea2a00d

SHA1
4a10235f058204e91c38397c81e89c4d8e5f87dc

SHA256
add54dd2890786148038b9a852d11ce1f4cb091d6aa1f272bfecacad3b7818ce

SHA512
4d4dab9f9b4e346998caf5f5bb9eed6b34f57bcd25180fd836e9086ad03581f466e018c20a62effe79c47ef8b11e989fb244d0d12eb6c69941e6bd70e7b8a762

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20966.exe

Filesize
468KB

MD5
84cef09f9e26f0aaacb982c9f36eda47

SHA1
286063e8b42684d8f8b8faf15f614427b4ecde76

SHA256
77f3cc6c4ce6e375ce93247dc4bffc272ac288ead41d8c93b4a8727d83319eae

SHA512
2bfa75d1604cdd16d5a73aa293daee0cdfd01801acd052dc041196e742aa9841bf8d50f0115e01c0daaeab4f24b10f9eb3660f31fa8ff5dadf64b97fd33ec676

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe

Filesize
468KB

MD5
eeb636ea99064779933e5c8ef3b9c733

SHA1
d10f57e32bf3f1ed56a11ffea21df0a92d850d11

SHA256
f51ac245cb7d4bd882301796dd4e26b7a1de79c4859913ed20963c84bcde783d

SHA512
6fb7f208ce5046488959516435e3d03d9ee27bb4c575ba9821f8eb18a5d8578059153215af274a1669b6ace4efec32aa0ffb9b183541a51fe2a9216f795b1905

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe

Filesize
468KB

MD5
c802067c51ad3d32ea7a456834bdd410

SHA1
f6a5111df294198e326b8a6895395ab9e45f92e5

SHA256
e99a7e58496a49cc5f19e78e3d5d2b8f0c3c42a55de4c01636108498b101262f

SHA512
fe8478c5fc56f594fcf8ee9bf64ffdb0042a3c7d1b14a0cf9e29708fb59d6c171574176f53dffbba3d2f606f8d3d392c7d01fdb85e0185b8558ff82af2a4e7e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe

Filesize
468KB

MD5
39d46d0185bb4021012f63b6204dc517

SHA1
84891e455cf28752c267c4ac909edbdaa37e55ff

SHA256
9d347bddd1f185b79899eb4e933b781295d2944a23137329d1b76defd9702bea

SHA512
a21e733c448a9e8d0d5723a8ceb8782392b5bc9e3c773dce4c94272f370db42602ae26fdea409ffc74432c587ff9e8aa91103f2103af46d40acdf4ca6456b7a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe

Filesize
468KB

MD5
7ff71f985e28b4a10e88bcce752f7c10

SHA1
a1fcc16ccb2647d85216f15cfde223aeda5c35c6

SHA256
d5b56bed7a29b4555cfe6726ff0a9b1414e73120bf65f7779bb3d1b39180f50f

SHA512
265e031f123b7d31946ac54c6e677e878f46f589cdd4166371b647b5f1ccf46ff379c9771bfedfdcf535784d60150aeb7404cf6c91871263d7a6d610645cf69c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe

Filesize
468KB

MD5
886f23b715064b3cd4110782c7e331f1

SHA1
373d7f769b4ccca90e0e2f850d7e240f9ebc69c0

SHA256
cdab43455173636d3850575b9432e826a70012d27ac7b128d3f6f0dff9ea61da

SHA512
92fa1baa0b3ab637f3c861cb5326579a7f6c01250de41ce931512de51956f8ed526e1f2cfc5786632b177f6325a546a7e5af20e3b2c4cd8713d9baeb6c97ec9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60725.exe

Filesize
468KB

MD5
5ad40cf9e6977e32812692664c7474e0

SHA1
9bdc2907c0a45744f8b625fea2e20963ed79fb31

SHA256
e3d856f78a2a4c3b7e630bc41cd72067f4116fc05ef212891526f60c71f51d97

SHA512
25344a01b3ea4a0f2f2044e113d8584eaa5027a9cff0f3208d3e16059191ed22893b890dec7164b823a86e354e033898f8b94a87989f89a521cec4cc56456157

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8199.exe

Filesize
468KB

MD5
b59a9aa2161a653dd9c209187b98b429

SHA1
47e7186e3c6d9171ce37906f473c77b15942c2d1

SHA256
b945c99f2cc2c4833290cf64dc1a2bf2bea75990a220ebcf41274a4d0e0b5c7f

SHA512
e5faa41455555ecd0eab0271154c34ac93f896cab1818ed4312f3d9167bd98e1b25dcfedee3d01652a673d428686b0aabd95871d316c17a86fdc96e51276784b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe

Filesize
468KB

MD5
9b09fc7f28ad7b7c4830a03f716842f3

SHA1
e66cc5ff90baa665481b4de3d62b94dee4d702b6

SHA256
8b072f854e60dcd66565b625b28836b4e87a4633ec40de9a2c90c7a53e04a8a3

SHA512
94382cd77bb0649fbc72c3da1c2b62e718f7211a4e28461956579da072504fc686c60c3b54f8b69b01a2cbcb74001d42ef7e9f586734bdbd2fad66ee5d569937

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe

Filesize
468KB

MD5
a458820316f8eb54250a8d25d57cd3eb

SHA1
bc0d31cd52c01c0d996952b7ff73628b58e7687f

SHA256
82fb3a6ec29d3d42aca03bbce9040d9303c4555eb3b94d9c3b996093e8aee52d

SHA512
931b27b535ef350d7386ebc8bd421f47324e9eeb06a98fa4c13a7064f31f78a2ae7708021e3f419d552446180a3f136620cc35678bedcd7e49f9488a668a3e69

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe

Filesize
468KB

MD5
11630881d3329d74191597c6759f838e

SHA1
35821a9360ea4c7790d19e62cb96debaeaf5f0e6

SHA256
d76f9b383a8bc849eeb617128fe5cbd7115f003e2647885f6b1b38a033b4c5d3

SHA512
cd87e9b63725af0b94a3c48e58b7724a995df62e244b1ff5bc415e45179568035b962d483c36fe51e7b49568e58907f9d65be8ef1d901b6bcb96a1a2d3fa3fc2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe

Filesize
468KB

MD5
da43f78cc80584259c3613430d228662

SHA1
00dafbbf38598e0dd54a31a46465c35082710942

SHA256
4dc9452c21821faa1da75ea61936313223fa8662ebb84af478c8fc0ec6c84254

SHA512
8cc11910bfeace3b9ae73b2ab5c22d736c5d05059a006d82721ae6f80a3a84bb770f3ef00905c7cebdbd1391ecc51bd34f7aee66ab7484aa79e71a5365e7449f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41606.exe

Filesize
468KB

MD5
fed015ca009f1e8e26ddc21df9adf4bb

SHA1
8c4836d91ba66915b41b84daf743c9a3538f3af4

SHA256
54d34f567cdfd3e7986c6e552f53bd11c1cf367b7874ea9dede53dae2f14c5f4

SHA512
b5f6dc5ca303560334c98650c3fcc0f2e22d6bf290885a684f168394d984a4c864e2d052fa80788bff7b4b1125a56801a7ac97f3032b77483bb3b84ab3743e3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe

Filesize
468KB

MD5
4ac803a5a716bae589869a056219c14b

SHA1
eba31896ffc6eec54b368691c5168e3970cf9762

SHA256
5e0c8918224b761f331fda61d7f97879c092314d199655b4325021ba7364d0e3

SHA512
117a5efc99196353256828d0d125660873bd88555eaf5dda76c7386f8d766119b142bfe191f79a4532e59d5269fbee4ba2eb12fa604faf02152eb487804ead57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe

Filesize
468KB

MD5
ab13605577c82a1a19b1f4a08369074a

SHA1
1d9a1629372ab1e52942434e2f56344317cc1ef0

SHA256
483da80d6cfb56033da3a9227b358466a3c23dae9d69430d7edd0a45f5b30361

SHA512
1cf602a1d576478461916df4eee7d64a940a2f84348adf480494464502cd66c74dc574c5b328d743d57e838f7e0fe072f59bdebf8c0224cbc570c991f8b8a913

Download Submit
memory/236-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/392-345-0x0000000001CD0000-0x0000000001D45000-memory.dmp

Filesize
468KB

Download
memory/392-344-0x0000000001CD0000-0x0000000001D45000-memory.dmp

Filesize
468KB

Download
memory/392-198-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/564-263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/664-152-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/664-245-0x0000000002450000-0x00000000024C5000-memory.dmp

Filesize
468KB

Download
memory/664-249-0x0000000002450000-0x00000000024C5000-memory.dmp

Filesize
468KB

Download
memory/924-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/980-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/980-381-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/1484-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1596-414-0x0000000002880000-0x00000000028F5000-memory.dmp

Filesize
468KB

Download
memory/1596-250-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1768-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1768-412-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1832-219-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1832-365-0x0000000002810000-0x0000000002885000-memory.dmp

Filesize
468KB

Download
memory/1888-154-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1888-316-0x0000000002110000-0x0000000002185000-memory.dmp

Filesize
468KB

Download
memory/1888-317-0x0000000002110000-0x0000000002185000-memory.dmp

Filesize
468KB

Download
memory/1936-384-0x00000000024F0000-0x0000000002565000-memory.dmp

Filesize
468KB

Download
memory/1936-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1936-388-0x00000000024F0000-0x0000000002565000-memory.dmp

Filesize
468KB

Download
memory/1952-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-265-0x0000000003180000-0x00000000031F5000-memory.dmp

Filesize
468KB

Download
memory/2012-140-0x0000000003380000-0x00000000033F5000-memory.dmp

Filesize
468KB

Download
memory/2012-142-0x0000000003380000-0x00000000033F5000-memory.dmp

Filesize
468KB

Download
memory/2012-271-0x0000000003180000-0x00000000031F5000-memory.dmp

Filesize
468KB

Download
memory/2016-106-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2016-216-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2016-214-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2060-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2072-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2072-323-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2072-318-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/2152-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2284-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2284-237-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2284-241-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2360-113-0x00000000024F0000-0x0000000002565000-memory.dmp

Filesize
468KB

Download
memory/2360-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2360-262-0x00000000024F0000-0x0000000002565000-memory.dmp

Filesize
468KB

Download
memory/2360-261-0x00000000024F0000-0x0000000002565000-memory.dmp

Filesize
468KB

Download
memory/2396-171-0x0000000003190000-0x0000000003205000-memory.dmp

Filesize
468KB

Download
memory/2396-319-0x0000000003190000-0x0000000003205000-memory.dmp

Filesize
468KB

Download
memory/2396-169-0x0000000003190000-0x0000000003205000-memory.dmp

Filesize
468KB

Download
memory/2396-34-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2396-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2408-225-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2408-229-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2408-399-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2408-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2440-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2444-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2520-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2556-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2568-346-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2604-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2656-204-0x00000000028B0000-0x0000000002925000-memory.dmp

Filesize
468KB

Download
memory/2656-94-0x0000000002AB0000-0x0000000002B25000-memory.dmp

Filesize
468KB

Download
memory/2656-215-0x00000000028B0000-0x0000000002925000-memory.dmp

Filesize
468KB

Download
memory/2656-49-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2764-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2764-320-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2764-173-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2764-389-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2764-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2764-170-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2764-20-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2776-372-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2776-132-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2776-322-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2776-128-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2776-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2776-11-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2776-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2776-61-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2776-10-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2776-325-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2784-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2808-278-0x0000000002970000-0x00000000029E5000-memory.dmp

Filesize
468KB

Download
memory/2808-274-0x0000000002970000-0x00000000029E5000-memory.dmp

Filesize
468KB

Download
memory/2896-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2916-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3016-95-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3016-357-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/3016-354-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/3016-194-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/3016-193-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/3036-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3052-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3052-144-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3052-143-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3052-313-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3052-314-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download