61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe
Size

468KB
MD5

f59fd58c5ab407668f8d31d7bb52e770
SHA1

3d407d621de9f05c762b346d8e68038f473bb377
SHA256

61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7
SHA512

4e4458f3cf4604b68c307dde8b7bcd191440afda6eb75726415c4dc39342ec4e1b9dc6589e32db7d1a1e8614f18b1391a65941e67bda9c0199f56b0048a946b0
SSDEEP

3072:aJACo3lwIx3YtbYgPzcYNfT/rChSxIpQnMHcOVQJNijL+wrySBeY:aJ1oRZYt7P4YNfp0SVNinnryS

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3040	Unicorn-21046.exe
2548	Unicorn-61346.exe
2520	Unicorn-3422.exe
2828	Unicorn-39468.exe
2748	Unicorn-4557.exe
2908	Unicorn-7542.exe
2856	Unicorn-23324.exe
2648	Unicorn-2745.exe
2228	Unicorn-56777.exe
1644	Unicorn-33232.exe
1132	Unicorn-32678.exe
1444	Unicorn-49014.exe
1764	Unicorn-30823.exe
1260	Unicorn-36954.exe
272	Unicorn-36689.exe
2936	Unicorn-51427.exe
2940	Unicorn-35645.exe
2212	Unicorn-48303.exe
2192	Unicorn-58509.exe
3024	Unicorn-31775.exe
632	Unicorn-56279.exe
1000	Unicorn-36413.exe
2116	Unicorn-52750.exe
1792	Unicorn-7078.exe
896	Unicorn-61058.exe
1684	Unicorn-52393.exe
1288	Unicorn-61323.exe
700	Unicorn-12122.exe
2332	Unicorn-59277.exe
2488	Unicorn-17145.exe
1732	Unicorn-51640.exe
2316	Unicorn-6523.exe
2464	Unicorn-393.exe
2128	Unicorn-19714.exe
2536	Unicorn-64084.exe
2524	Unicorn-14618.exe
2076	Unicorn-14883.exe
3012	Unicorn-19138.exe
2492	Unicorn-55532.exe
2704	Unicorn-60171.exe
2768	Unicorn-15054.exe
2776	Unicorn-48324.exe
2772	Unicorn-1161.exe
2312	Unicorn-45117.exe
992	Unicorn-3706.exe
2824	Unicorn-12636.exe
1940	Unicorn-33611.exe
2888	Unicorn-61261.exe
1396	Unicorn-57177.exe
1604	Unicorn-28951.exe
1308	Unicorn-42687.exe
1612	Unicorn-61453.exe
1672	Unicorn-24505.exe
2268	Unicorn-26542.exe
2984	Unicorn-41031.exe
580	Unicorn-58884.exe
236	Unicorn-9128.exe
2972	Unicorn-9128.exe
1776	Unicorn-50908.exe
1688	Unicorn-21307.exe
2092	Unicorn-18065.exe
852	Unicorn-22703.exe
696	Unicorn-23410.exe
556	Unicorn-14727.exe

Loads dropped DLL 64 IoCs

pid	Process
1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe
1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe
1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe
3040	Unicorn-21046.exe
1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe
3040	Unicorn-21046.exe
2548	Unicorn-61346.exe
2548	Unicorn-61346.exe
1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe
1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe
3040	Unicorn-21046.exe
3040	Unicorn-21046.exe
2520	Unicorn-3422.exe
2520	Unicorn-3422.exe
2828	Unicorn-39468.exe
2828	Unicorn-39468.exe
2548	Unicorn-61346.exe
2548	Unicorn-61346.exe
2856	Unicorn-23324.exe
2856	Unicorn-23324.exe
2520	Unicorn-3422.exe
2748	Unicorn-4557.exe
2520	Unicorn-3422.exe
2748	Unicorn-4557.exe
3040	Unicorn-21046.exe
1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe
3040	Unicorn-21046.exe
1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe
2908	Unicorn-7542.exe
2908	Unicorn-7542.exe
2648	Unicorn-2745.exe
2648	Unicorn-2745.exe
2828	Unicorn-39468.exe
2828	Unicorn-39468.exe
2228	Unicorn-56777.exe
2228	Unicorn-56777.exe
2548	Unicorn-61346.exe
2548	Unicorn-61346.exe
1260	Unicorn-36954.exe
1260	Unicorn-36954.exe
2908	Unicorn-7542.exe
1444	Unicorn-49014.exe
2908	Unicorn-7542.exe
1444	Unicorn-49014.exe
2748	Unicorn-4557.exe
2748	Unicorn-4557.exe
272	Unicorn-36689.exe
272	Unicorn-36689.exe
3040	Unicorn-21046.exe
1644	Unicorn-33232.exe
1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe
3040	Unicorn-21046.exe
1644	Unicorn-33232.exe
1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe
2520	Unicorn-3422.exe
1132	Unicorn-32678.exe
2520	Unicorn-3422.exe
1132	Unicorn-32678.exe
2856	Unicorn-23324.exe
2856	Unicorn-23324.exe
2940	Unicorn-35645.exe
2940	Unicorn-35645.exe
2828	Unicorn-39468.exe
2936	Unicorn-51427.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1828	2984	WerFault.exe	85

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13427.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe
3040	Unicorn-21046.exe
2548	Unicorn-61346.exe
2520	Unicorn-3422.exe
2828	Unicorn-39468.exe
2856	Unicorn-23324.exe
2908	Unicorn-7542.exe
2748	Unicorn-4557.exe
2648	Unicorn-2745.exe
2228	Unicorn-56777.exe
1644	Unicorn-33232.exe
1132	Unicorn-32678.exe
1444	Unicorn-49014.exe
1764	Unicorn-30823.exe
1260	Unicorn-36954.exe
272	Unicorn-36689.exe
2940	Unicorn-35645.exe
2936	Unicorn-51427.exe
2192	Unicorn-58509.exe
2212	Unicorn-48303.exe
3024	Unicorn-31775.exe
632	Unicorn-56279.exe
1000	Unicorn-36413.exe
2116	Unicorn-52750.exe
1792	Unicorn-7078.exe
896	Unicorn-61058.exe
1684	Unicorn-52393.exe
1288	Unicorn-61323.exe
2332	Unicorn-59277.exe
700	Unicorn-12122.exe
2488	Unicorn-17145.exe
1732	Unicorn-51640.exe
2316	Unicorn-6523.exe
2464	Unicorn-393.exe
2128	Unicorn-19714.exe
2536	Unicorn-64084.exe
2076	Unicorn-14883.exe
2524	Unicorn-14618.exe
3012	Unicorn-19138.exe
2492	Unicorn-55532.exe
2704	Unicorn-60171.exe
2768	Unicorn-15054.exe
2776	Unicorn-48324.exe
2772	Unicorn-1161.exe
2312	Unicorn-45117.exe
992	Unicorn-3706.exe
2824	Unicorn-12636.exe
1940	Unicorn-33611.exe
2888	Unicorn-61261.exe
1396	Unicorn-57177.exe
1308	Unicorn-42687.exe
1604	Unicorn-28951.exe
1612	Unicorn-61453.exe
1672	Unicorn-24505.exe
2268	Unicorn-26542.exe
580	Unicorn-58884.exe
2984	Unicorn-41031.exe
236	Unicorn-9128.exe
2972	Unicorn-9128.exe
1776	Unicorn-50908.exe
1688	Unicorn-21307.exe
852	Unicorn-22703.exe
2092	Unicorn-18065.exe
696	Unicorn-23410.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 3040	1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe	30
PID 1620 wrote to memory of 3040	1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe	30
PID 1620 wrote to memory of 3040	1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe	30
PID 1620 wrote to memory of 3040	1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe	30
PID 1620 wrote to memory of 2548	1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe	32
PID 1620 wrote to memory of 2548	1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe	32
PID 1620 wrote to memory of 2548	1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe	32
PID 1620 wrote to memory of 2548	1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe	32
PID 3040 wrote to memory of 2520	3040	Unicorn-21046.exe	33
PID 3040 wrote to memory of 2520	3040	Unicorn-21046.exe	33
PID 3040 wrote to memory of 2520	3040	Unicorn-21046.exe	33
PID 3040 wrote to memory of 2520	3040	Unicorn-21046.exe	33
PID 2548 wrote to memory of 2828	2548	Unicorn-61346.exe	34
PID 2548 wrote to memory of 2828	2548	Unicorn-61346.exe	34
PID 2548 wrote to memory of 2828	2548	Unicorn-61346.exe	34
PID 2548 wrote to memory of 2828	2548	Unicorn-61346.exe	34
PID 1620 wrote to memory of 2748	1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe	35
PID 1620 wrote to memory of 2748	1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe	35
PID 1620 wrote to memory of 2748	1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe	35
PID 1620 wrote to memory of 2748	1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe	35
PID 3040 wrote to memory of 2908	3040	Unicorn-21046.exe	36
PID 3040 wrote to memory of 2908	3040	Unicorn-21046.exe	36
PID 3040 wrote to memory of 2908	3040	Unicorn-21046.exe	36
PID 3040 wrote to memory of 2908	3040	Unicorn-21046.exe	36
PID 2520 wrote to memory of 2856	2520	Unicorn-3422.exe	37
PID 2520 wrote to memory of 2856	2520	Unicorn-3422.exe	37
PID 2520 wrote to memory of 2856	2520	Unicorn-3422.exe	37
PID 2520 wrote to memory of 2856	2520	Unicorn-3422.exe	37
PID 2828 wrote to memory of 2648	2828	Unicorn-39468.exe	38
PID 2828 wrote to memory of 2648	2828	Unicorn-39468.exe	38
PID 2828 wrote to memory of 2648	2828	Unicorn-39468.exe	38
PID 2828 wrote to memory of 2648	2828	Unicorn-39468.exe	38
PID 2548 wrote to memory of 2228	2548	Unicorn-61346.exe	39
PID 2548 wrote to memory of 2228	2548	Unicorn-61346.exe	39
PID 2548 wrote to memory of 2228	2548	Unicorn-61346.exe	39
PID 2548 wrote to memory of 2228	2548	Unicorn-61346.exe	39
PID 2856 wrote to memory of 1132	2856	Unicorn-23324.exe	40
PID 2856 wrote to memory of 1132	2856	Unicorn-23324.exe	40
PID 2856 wrote to memory of 1132	2856	Unicorn-23324.exe	40
PID 2856 wrote to memory of 1132	2856	Unicorn-23324.exe	40
PID 2520 wrote to memory of 1644	2520	Unicorn-3422.exe	41
PID 2520 wrote to memory of 1644	2520	Unicorn-3422.exe	41
PID 2520 wrote to memory of 1644	2520	Unicorn-3422.exe	41
PID 2520 wrote to memory of 1644	2520	Unicorn-3422.exe	41
PID 2748 wrote to memory of 1444	2748	Unicorn-4557.exe	42
PID 2748 wrote to memory of 1444	2748	Unicorn-4557.exe	42
PID 2748 wrote to memory of 1444	2748	Unicorn-4557.exe	42
PID 2748 wrote to memory of 1444	2748	Unicorn-4557.exe	42
PID 3040 wrote to memory of 1764	3040	Unicorn-21046.exe	43
PID 3040 wrote to memory of 1764	3040	Unicorn-21046.exe	43
PID 3040 wrote to memory of 1764	3040	Unicorn-21046.exe	43
PID 3040 wrote to memory of 1764	3040	Unicorn-21046.exe	43
PID 1620 wrote to memory of 272	1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe	44
PID 1620 wrote to memory of 272	1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe	44
PID 1620 wrote to memory of 272	1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe	44
PID 1620 wrote to memory of 272	1620	61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe	44
PID 2908 wrote to memory of 1260	2908	Unicorn-7542.exe	45
PID 2908 wrote to memory of 1260	2908	Unicorn-7542.exe	45
PID 2908 wrote to memory of 1260	2908	Unicorn-7542.exe	45
PID 2908 wrote to memory of 1260	2908	Unicorn-7542.exe	45
PID 2648 wrote to memory of 2936	2648	Unicorn-2745.exe	46
PID 2648 wrote to memory of 2936	2648	Unicorn-2745.exe	46
PID 2648 wrote to memory of 2936	2648	Unicorn-2745.exe	46
PID 2648 wrote to memory of 2936	2648	Unicorn-2745.exe	46

C:\Users\Admin\AppData\Local\Temp\61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe
"C:\Users\Admin\AppData\Local\Temp\61ba2e9c117bdfa371b925ad13c66a567d088a21e99f7e724fd63fb026eb52f7N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32678.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61261.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39713.exe
        9⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54712.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        8⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5786.exe
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38854.exe
        8⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        8⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        8⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63211.exe
        7⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51827.exe
        7⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
        7⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        7⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20857.exe
        7⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe
        8⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42388.exe
        7⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        7⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        7⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
        6⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
        6⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
        6⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        7⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15464.exe
        6⤵
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        6⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        6⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
        6⤵
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55993.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        6⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58727.exe
        6⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58564.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61323.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        8⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27149.exe
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
        8⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50504.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40551.exe
        7⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        6⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        7⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        7⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        7⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        6⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51827.exe
        6⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        6⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34092.exe
        6⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        6⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
        7⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64653.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57512.exe
        7⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4681.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe
        6⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        6⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        6⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2282.exe
        5⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50196.exe
        6⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29277.exe
        6⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24730.exe
        5⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        5⤵
        
        PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59277.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        6⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        7⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        7⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46487.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
        6⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe
        6⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        5⤵
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        6⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        6⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        6⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36294.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        5⤵
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        5⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34092.exe
        5⤵
        
        PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21307.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
        5⤵
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23829.exe
        6⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
        6⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
        5⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50504.exe
        5⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
        5⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54513.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
      4⤵
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25128.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        5⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        5⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        5⤵
        
        PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40502.exe
      4⤵
      PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
      4⤵
      PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55163.exe
      4⤵
      PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
      4⤵
      PID:6280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7542.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31775.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        7⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
        8⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        8⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        8⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        7⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49668.exe
        7⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
        6⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10436.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        7⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
        7⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18997.exe
        6⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65229.exe
        7⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
        7⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1692.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
        6⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        6⤵
        
        PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60171.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        7⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        7⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5262.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        6⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
        5⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8599.exe
        6⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36310.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        6⤵
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-166.exe
        5⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5075.exe
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38615.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        5⤵
        
        PID:7008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48324.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        6⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        7⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        7⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
        6⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50046.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49668.exe
        6⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61863.exe
        6⤵
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        6⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59002.exe
        6⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
        6⤵
        
        PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19154.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
        5⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        5⤵
        
        PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1161.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        5⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
        6⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe
        7⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
        7⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        6⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        6⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        6⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        5⤵
        
        PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        5⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        5⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
      4⤵
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
        5⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14176.exe
        5⤵
        
        PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7261.exe
      4⤵
      PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26626.exe
      4⤵
      PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11157.exe
      4⤵
      PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29627.exe
      4⤵
      PID:6184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe
        5⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        6⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        6⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        6⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19614.exe
        6⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61863.exe
        5⤵
        
        PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50046.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
        5⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40205.exe
        5⤵
        
        PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
      4⤵
      PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44780.exe
        5⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        5⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
      4⤵
      PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
      4⤵
      PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55242.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61058.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61058.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45117.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        5⤵
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        6⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
        7⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        6⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
        5⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11124.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        5⤵
        
        PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
      4⤵
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62268.exe
        5⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65229.exe
        6⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8311.exe
        6⤵
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51495.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        5⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        5⤵
        
        PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
      4⤵
      PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
      4⤵
      PID:6856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28641.exe
      4⤵
      PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
      4⤵
      PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
      4⤵
      PID:5952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
    3⤵
    PID:1520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
    3⤵
    PID:3564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55163.exe
    3⤵
    PID:4864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
    3⤵
    PID:6216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39468.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2745.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23410.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
        8⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11417.exe
        9⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        9⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37356.exe
        9⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        9⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50046.exe
        8⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31545.exe
        8⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54712.exe
        8⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62963.exe
        7⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
        8⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        8⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        8⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        8⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43659.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        7⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        6⤵
        Executes dropped EXE
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
        7⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        7⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1924.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11924.exe
        6⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        7⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
        7⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
        7⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1692.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
        6⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        6⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19714.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        6⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28833.exe
        7⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        7⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30347.exe
        6⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49668.exe
        6⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45292.exe
        5⤵
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54235.exe
        6⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        6⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14176.exe
        6⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14281.exe
        5⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30541.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31233.exe
        6⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
        6⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55545.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
        5⤵
        
        PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51640.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18065.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8386.exe
        7⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42257.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22740.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        7⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        7⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        6⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        7⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        7⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14176.exe
        7⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56906.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        6⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        6⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        6⤵
        
        PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22703.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38091.exe
        6⤵
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36310.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        6⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        6⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
        5⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        5⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31047.exe
        5⤵
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        5⤵
        
        PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-393.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4302.exe
        6⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        6⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
        6⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        5⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1427.exe
        5⤵
        
        PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
      4⤵
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20276.exe
        5⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        5⤵
        
        PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42181.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
      4⤵
      PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
      4⤵
      PID:7076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48303.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        6⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37961.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56741.exe
        7⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe
        6⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57027.exe
        7⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34789.exe
        7⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        6⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
        6⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12096.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47774.exe
        6⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
        7⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
        7⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23243.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        6⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
        6⤵
        
        PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
        5⤵
        
        PID:484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1692.exe
        5⤵
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        5⤵
        
        PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34092.exe
        5⤵
        
        PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39035.exe
        5⤵
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        6⤵
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        6⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exe
        5⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36605.exe
      4⤵
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
        5⤵
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36310.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        5⤵
        
        PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26150.exe
      4⤵
      PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
      4⤵
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
      4⤵
      PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55242.exe
      4⤵
      PID:7024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
        6⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        6⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        6⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        6⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56134.exe
        5⤵
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30276.exe
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        5⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
        5⤵
        
        PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52169.exe
      4⤵
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47774.exe
        5⤵
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47629.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        5⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
      4⤵
      PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
      4⤵
      PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
      4⤵
      PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
      4⤵
      PID:6676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51422.exe
      4⤵
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
        5⤵
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        5⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48573.exe
        5⤵
        
        PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
      4⤵
      PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
      4⤵
      PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11124.exe
      4⤵
      PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
      4⤵
      PID:6224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22263.exe
    3⤵
    PID:804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28641.exe
      4⤵
      PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
      4⤵
      PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
      4⤵
      PID:6752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58681.exe
    3⤵
    PID:320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
    3⤵
    PID:3484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51079.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23332.exe
    3⤵
    PID:6884
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4557.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4557.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56279.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12636.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        6⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        7⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        7⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-218.exe
        6⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49668.exe
        6⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        5⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        6⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65283.exe
        6⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        6⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        6⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2256.exe
        5⤵
        
        PID:444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45906.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        5⤵
        
        PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
        5⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
        6⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24971.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50046.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
        5⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33907.exe
        5⤵
        
        PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
      4⤵
      PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11417.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
        5⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19875.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
      4⤵
      PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51158.exe
      4⤵
      PID:7120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57177.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        5⤵
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23862.exe
        6⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        6⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
        6⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        6⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55350.exe
      4⤵
      PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52237.exe
        5⤵
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36310.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        5⤵
        
        PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48738.exe
      4⤵
      PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
      4⤵
      PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
      4⤵
      PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe
      4⤵
      PID:6648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42687.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
      4⤵
      PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
      4⤵
      PID:6576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17960.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
    3⤵
    PID:3496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
    3⤵
    PID:4744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
    3⤵
    PID:6776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36689.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36689.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7078.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24505.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3394.exe
        5⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
        6⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
        6⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
        6⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
        5⤵
        
        PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
        5⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49668.exe
        5⤵
        
        PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33414.exe
      4⤵
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36310.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        5⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        5⤵
        
        PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38707.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
      4⤵
      PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
      4⤵
      PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54513.exe
      4⤵
      PID:6420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58884.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
      4⤵
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
        5⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        5⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        5⤵
        
        PID:7160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
      4⤵
      PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
      4⤵
      PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
      4⤵
      PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
      4⤵
      PID:6240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
    3⤵
    PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
      4⤵
      PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
      4⤵
      PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
      4⤵
      PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
      4⤵
      PID:5660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19818.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43162.exe
    3⤵
    PID:4272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
    3⤵
    PID:4720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51158.exe
    3⤵
    PID:6200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36600.exe
    3⤵
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
      4⤵
      PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
      4⤵
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
      4⤵
      PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14176.exe
      4⤵
      PID:6464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18421.exe
    3⤵
    PID:408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43659.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43659.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
    3⤵
    PID:6872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2984
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
    3⤵
    - Program crash
    PID:1828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13914.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13914.exe
  2⤵
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
    3⤵
    PID:4044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52657.exe
    3⤵
    PID:6656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
  2⤵
  PID:3364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
  2⤵
  PID:4196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
  2⤵
  PID:5308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65333.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65333.exe
  2⤵
  PID:6956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11924.exe

Filesize
468KB

MD5
02fceabbb6d6cfefbe084aaed37bcfef

SHA1
c4d445ebf8b8029e312b91188903bab49fc0a6c1

SHA256
6722dc9e75f4efeb081fe1ee2ca7ab9b1ee830a76658db4443c81a378187744a

SHA512
b0d0f3270d4b3de5b746bf07194e7340d6ef4e342a1c077360c30222435f8c9de499ee0c43372386e7e6087d42f7657213a09187d509d1552cb1b7f93c326488

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe

Filesize
468KB

MD5
23103e473b68229dc44bda9240dc0c2b

SHA1
e60be0833f8202f1df293d8929f4f9625387e21a

SHA256
0605da189955781ec6f30a783488bd58f916bd0ddd40c6060476e8e9cdc970c8

SHA512
45267604ade11b4958fa0c3cbafed36f2fd80afe829e263aece95fae67d10575080e17438908a599729f29cda0dd0b4f3eb7e336243f08b7ddfcaf1d4f31715f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36689.exe

Filesize
468KB

MD5
60e0e438c821055ccac7ff961339ec0b

SHA1
04f2273d281a88941f008f6aaf78f54f3d56bc4a

SHA256
2cf039f18d784a6fbf698f664516b56582bccfee5e0cbec67b642578dfe75a34

SHA512
d36948433442281005ef843ab98374913a48d13c776cb8747b078ef6e9560c21c52202932157e183cac8ff0bb2fa7abd48954345bc99302549c2b8297e80034a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4557.exe

Filesize
468KB

MD5
b3bdc924a4dc7735ef3fd0c72f2ec1cd

SHA1
d7c2dab00193365b44b040954863cc0ab7231f93

SHA256
4685162bb7c2a79ee336615f243c2def66d94e50c7e0f2e9b90c6242d264e764

SHA512
8ccc5892ff97822f07d6358721cb60f034dd4dae7b3b401293e3504c5092374385b14967580f2574eaeab79be764e1bcc03100b135d73ecba699ddbba1866100

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47629.exe

Filesize
468KB

MD5
8b465067dd92800bb637a04123d19908

SHA1
f3bdc6c920f02994bdee92f659c82a07e7a6fb51

SHA256
e2bc422620fe6555cc48a70508edd2d49a13cc2f581ffb27c3a3dec2b0497cd0

SHA512
0a60011012c3d449dbc2af7a72ccf2c4e2dc7fed33e6d5a471e2875b2b855254738eb15de5f497c96a5db855a12532b9d503b5b0ce962f2343879dcb0e8e0f61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe

Filesize
468KB

MD5
80219c4d016dc36b82c5dbb533c1d989

SHA1
3256f27ebf2beba8500b2b38ec46967c7979748a

SHA256
9a2e98638fcf5b5c24458bc6e16a61cb30db959d63cf5abb2a8c12df29a7f248

SHA512
a3a5fab124b35b5418200e26a65b12be610b5f5286119791b59d8dd5168d6841b90ba4af99051b2d51f4a69ea593cf20359fb07e9a55cc7fc51aa03c06960043

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe

Filesize
468KB

MD5
7d04d28cd946927c70b8d0ae4c61b171

SHA1
9ccc74406c10875ccbbc0b41ffcc7b0ab741a5aa

SHA256
caac9ea2e967a1e22bb5fc9c431bc6cada499730f98b6069958a2e13d7240c1a

SHA512
a266af9b812b08d543bc3689131e3f9a0ea25b3c390e3cdb3d2572d5959729ed14d23c75e2d530faea6b4aa2fb351692321ba3f951426b21ea7e538b063eb57b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe

Filesize
468KB

MD5
060923f8a338ca2872944c2d6585d4a9

SHA1
22bb3c5e79c858798084063489cec52626800d4d

SHA256
79bc4fb6b84e46f9a51856defa0b734d3994898c23d11e585db4bf82c074fd49

SHA512
52c20f34936e502baef3d31d660fae5a26953002bee9cbd4781658d382a9d45a987d70035a367b6aed4f287cea55bc787b0b8f1dd2fe2aecf9decf13a73c278b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe

Filesize
468KB

MD5
24c5a1b5bc9773796ddce0362c08fe54

SHA1
2bd3c35ff71ae7d62da995405ed33c174a13da5c

SHA256
c7e625b8147255fbe3517a2c9e459f1f27b5d271f6ae2571c83963ea7108e3b4

SHA512
46b1291c209811a38896fc869942673e6e8f5e05f15e55d11d8b9a15c0c4d3e437daac56fa68b4b7575404e09ebc6c8620ac41f0d8ee90c91fd34f84c1864435

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2745.exe

Filesize
468KB

MD5
be3f64cad2cadee4c5555497787f1919

SHA1
777bb5136026514b6bd8490e05fa2471d8c6f0ff

SHA256
b934b13eeb214d0cdcf0d456586cab8defa563a610a137ef36df238a51bbe3ec

SHA512
b75efddaff017e4985772ff8fbc7fb9da61148f7fbaecad517479c3ab9c7c829811a868dcf394f0f42e1f74492229313f6ca444527a816a55ca54dd01b675feb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe

Filesize
468KB

MD5
96692c310c3b274c7358e9e5f7c0a76d

SHA1
1ca88ff769f906702cde4faa86dd99868a3c11e1

SHA256
2861c957e8e7a923ed5b71c157b35a7f3a79150bf9c376737af577f60fa3748f

SHA512
8101c7eaf14f2e71638c0328832a333d5d0031148bc1d8c6a670c993fa53b1dd41c70e1a3f9ec83b66ff7f827bde433f6cffecc96fc0549199ba32670be8e365

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32678.exe

Filesize
468KB

MD5
7b556cec2f50bc05deb6918758a8b442

SHA1
8acb9e74f63a9f199bdb49e8f6440dd0ed6311ee

SHA256
285aed104e69c37bda27f0d6b37eb521f7d1f9fe60e5a590456fe72504f043b8

SHA512
b3d4aa0f0d739245efa707d09a7ff8684c2a3445a231d31013a2982ea66586768b952504faf941ef25346ed1d8822b4a51707f43b817a0e49f61073e46b9a6b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe

Filesize
468KB

MD5
131304d7dde32d71ea05915b3a8c525d

SHA1
e0ebf38c48f4dc9cc3aaa8597dfb74cff50685a3

SHA256
d108ddac575400b5e30b9f2fa69786834689871662f39ed09d849be90d849538

SHA512
34c09078de5b42456e09411dd7d760cb8c22272a8ad5e2cf7d7147970f7373f0ab7d4040b034eae9ed4650dc46564614c6d0e8c520aa1315646099722fbd12c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe

Filesize
468KB

MD5
1a42b2e1dd69c96d659d7a21a0091e66

SHA1
4aaeb3904292600875cccffa907985b93ade5189

SHA256
079b6a6ac8485bed7e33903f5f8254b29815824c5eb5c8703459d0eb9984bd22

SHA512
5b485e0be3db5319c1fd3e027f2a7e9abb443149cd5e567f7509f2da83f97995aed6417bad1d4f29b8748addf93938794f2a322c7c1fe9a947960ef0a99f8296

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe

Filesize
468KB

MD5
b4069001f5b2ca5bb5170e32ba3216ab

SHA1
27dfc23ac106be2f76f3a36e9df2b766cf13825c

SHA256
9357575cdfad4257edb7568668f413ba7d12200116a1a27e56e08474160e074d

SHA512
26424c7488836e3a6d78fd1894b457906c0ce186792a9fd4558c0d4b125e6693093e64c972e1481adca48ae5b65fb0508b6ed97abecc9f6ebe1000ccb45e472b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39468.exe

Filesize
468KB

MD5
b6dae4a2e320ea61d48fe9896c49f292

SHA1
1820c48aa900a2c123b278dd6817dfb192ebacc8

SHA256
de4f30495323846586c3c21b40cad7074a9673e0b15dd8b93310681b37761c26

SHA512
26681a1e4dd550397610ca4c29b6ec9289fea365b37e18173800fb991354f2db79c25c37ef69b3d6b5271b624f078406525ea3807bde78ce7733534b2522107c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48303.exe

Filesize
468KB

MD5
e3b2a1e03f5f6d79b929cc58eba2146a

SHA1
b88b8efeb02c71d3c91bd7ce148af4fdabd32937

SHA256
578a8c63ad6fc73811ad44642e706a25dfb61703e30eaccbeb712013b2ad4b91

SHA512
ab7bf29f44f647d52d240aec67c5c00734bf64ddb8ffed3be3c8e6fedf1eaa06c49161ece85bc178ac144d63e9ef83dbcf652fd9f141db126e049043b43aaf3d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe

Filesize
468KB

MD5
bd869c40826196461e642c039c6ec8f3

SHA1
f8646fb9401d749e9a0e23febe822c61bb8084cd

SHA256
9d1d09f2491a1be5b23fa96339dcb67ba44a6e3956116a6bf65a85271999c1bb

SHA512
9eccc4bd039b8a68cf6674c9d3b136a6f05092b271cb276a10f35b9455e86f6468361b1e3ef6ff8a4dc5e2e777b6f3a2cdaeb3e2d579b12b6623ade0cbe3cc94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe

Filesize
468KB

MD5
8668e32e58cfc118f302637640ce1b94

SHA1
aadbe0d792a4bcb5e61c7447377ab44f0074e6d0

SHA256
514b5ff8312749c38b2403e9e3e0d3806bb6b768a6196f83ed4802522e8a330e

SHA512
12fa57fef313b0d99f5ba5e49afd57eb238072d4c5e36b9d73bf9582f9bd2d9b265fba0c058f3a20569d1a8a0e9acc3bc5f5234541646f734a1a2004bf300031

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe

Filesize
468KB

MD5
0d06e25a9f8d46c9e266b229416db953

SHA1
94ae9829c7ad2ab63a3de379c504b82a59170839

SHA256
4cb115bf7a8b1bce9a27497a83a988994c1259be2d89e56aef33f3f8fa59d798

SHA512
3e4c48aafe0365ae3251e76fc606fe0849144e0487cad4c97f333b2892e385aad87ee6e64df0a02ece5f0cc91f124a23b3034d8ebdaf1ca572ac3d592e35e018

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7542.exe

Filesize
468KB

MD5
209cbc20db2f24da5b652cae32ba8c9f

SHA1
802fab617bee9edfe4b835a03dadef4c49cdf274

SHA256
2c34fdbdd2836223d7a1e30370b4c8644e3a4360d4bcd0b6eff283eb6f97b09a

SHA512
352f77634577265eeb1b5c6f32abaca853b33caa8e93737d4fca8345bfc496dbaff026510c2ffa610a0cec1a499f6a7e56ceae6b0b0c27a2bc767547a731c857

Download Submit