1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8f

Analysis

max time kernel
113s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe
Size

468KB
MD5

5590c649050eb24df4908a60ceaae260
SHA1

de01aa8d904187770eb08aa824c050a86e414d18
SHA256

1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8f
SHA512

b67e0e15e8133835096699ea07b6d281d37d8502a78f9a00959f0f976656f95c315906879544b142082e23eb646d889a0835a3adcf0042aa69aa67b78d91ac4d
SSDEEP

3072:WqOhogLdjY8U2bYvPzlWff5EChjW0p6MmHevVp8JrH37f+Np+lt:Wq8oo1U2cPpWffsYDUJrXz+Np

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2804	Unicorn-22433.exe
2680	Unicorn-12993.exe
2296	Unicorn-8971.exe
2544	Unicorn-45983.exe
3012	Unicorn-8354.exe
912	Unicorn-43679.exe
348	Unicorn-21897.exe
1220	Unicorn-35073.exe
2724	Unicorn-35841.exe
2164	Unicorn-516.exe
3000	Unicorn-54127.exe
2616	Unicorn-5602.exe
1696	Unicorn-5602.exe
1964	Unicorn-3609.exe
1292	Unicorn-49546.exe
2184	Unicorn-20040.exe
2264	Unicorn-16017.exe
964	Unicorn-35883.exe
876	Unicorn-27845.exe
1700	Unicorn-27845.exe
2064	Unicorn-21714.exe
1040	Unicorn-7979.exe
1956	Unicorn-16536.exe
372	Unicorn-15457.exe
1760	Unicorn-28840.exe
1004	Unicorn-48514.exe
1804	Unicorn-7103.exe
1816	Unicorn-16034.exe
3052	Unicorn-14554.exe
1528	Unicorn-28289.exe
2832	Unicorn-19213.exe
2712	Unicorn-57510.exe
632	Unicorn-1179.exe
2900	Unicorn-47619.exe
2288	Unicorn-1947.exe
892	Unicorn-16857.exe
440	Unicorn-29663.exe
2596	Unicorn-29663.exe
1824	Unicorn-26774.exe
2372	Unicorn-26774.exe
2748	Unicorn-9592.exe
2532	Unicorn-12392.exe
1684	Unicorn-22097.exe
2340	Unicorn-2497.exe
2316	Unicorn-22363.exe
2396	Unicorn-8055.exe
1408	Unicorn-8055.exe
2212	Unicorn-61090.exe
1740	Unicorn-48137.exe
2000	Unicorn-43166.exe
1788	Unicorn-30936.exe
780	Unicorn-9922.exe
1200	Unicorn-16053.exe
1036	Unicorn-31346.exe
1436	Unicorn-11480.exe
860	Unicorn-31346.exe
2448	Unicorn-12061.exe
2768	Unicorn-44999.exe
2820	Unicorn-38869.exe
2648	Unicorn-46841.exe
1828	Unicorn-20900.exe
2444	Unicorn-49000.exe
2524	Unicorn-19172.exe
2352	Unicorn-1806.exe

Loads dropped DLL 64 IoCs

pid	Process
2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe
2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe
2804	Unicorn-22433.exe
2804	Unicorn-22433.exe
2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe
2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe
2680	Unicorn-12993.exe
2680	Unicorn-12993.exe
2804	Unicorn-22433.exe
2804	Unicorn-22433.exe
2296	Unicorn-8971.exe
2296	Unicorn-8971.exe
2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe
2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe
2544	Unicorn-45983.exe
2544	Unicorn-45983.exe
2680	Unicorn-12993.exe
3012	Unicorn-8354.exe
3012	Unicorn-8354.exe
2680	Unicorn-12993.exe
2804	Unicorn-22433.exe
2804	Unicorn-22433.exe
912	Unicorn-43679.exe
348	Unicorn-21897.exe
912	Unicorn-43679.exe
348	Unicorn-21897.exe
2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe
2296	Unicorn-8971.exe
2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe
2296	Unicorn-8971.exe
1220	Unicorn-35073.exe
1220	Unicorn-35073.exe
2544	Unicorn-45983.exe
2544	Unicorn-45983.exe
2724	Unicorn-35841.exe
2724	Unicorn-35841.exe
2164	Unicorn-516.exe
3000	Unicorn-54127.exe
3012	Unicorn-8354.exe
2680	Unicorn-12993.exe
2164	Unicorn-516.exe
3000	Unicorn-54127.exe
3012	Unicorn-8354.exe
2680	Unicorn-12993.exe
2804	Unicorn-22433.exe
2804	Unicorn-22433.exe
2616	Unicorn-5602.exe
2616	Unicorn-5602.exe
912	Unicorn-43679.exe
912	Unicorn-43679.exe
1696	Unicorn-5602.exe
1696	Unicorn-5602.exe
2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe
1292	Unicorn-49546.exe
2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe
1292	Unicorn-49546.exe
348	Unicorn-21897.exe
2296	Unicorn-8971.exe
348	Unicorn-21897.exe
2296	Unicorn-8971.exe
2184	Unicorn-20040.exe
2184	Unicorn-20040.exe
1220	Unicorn-35073.exe
1220	Unicorn-35073.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11418.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe
2804	Unicorn-22433.exe
2680	Unicorn-12993.exe
2296	Unicorn-8971.exe
2544	Unicorn-45983.exe
3012	Unicorn-8354.exe
348	Unicorn-21897.exe
912	Unicorn-43679.exe
1220	Unicorn-35073.exe
2724	Unicorn-35841.exe
2164	Unicorn-516.exe
3000	Unicorn-54127.exe
2616	Unicorn-5602.exe
1696	Unicorn-5602.exe
1964	Unicorn-3609.exe
1292	Unicorn-49546.exe
2184	Unicorn-20040.exe
964	Unicorn-35883.exe
2264	Unicorn-16017.exe
876	Unicorn-27845.exe
1040	Unicorn-7979.exe
2064	Unicorn-21714.exe
1700	Unicorn-27845.exe
1956	Unicorn-16536.exe
372	Unicorn-15457.exe
1760	Unicorn-28840.exe
1004	Unicorn-48514.exe
1816	Unicorn-16034.exe
1528	Unicorn-28289.exe
3052	Unicorn-14554.exe
1804	Unicorn-7103.exe
2832	Unicorn-19213.exe
2712	Unicorn-57510.exe
632	Unicorn-1179.exe
2900	Unicorn-47619.exe
2288	Unicorn-1947.exe
440	Unicorn-29663.exe
892	Unicorn-16857.exe
2596	Unicorn-29663.exe
1824	Unicorn-26774.exe
2372	Unicorn-26774.exe
2396	Unicorn-8055.exe
2532	Unicorn-12392.exe
2340	Unicorn-2497.exe
1684	Unicorn-22097.exe
2748	Unicorn-9592.exe
2316	Unicorn-22363.exe
1408	Unicorn-8055.exe
2212	Unicorn-61090.exe
1740	Unicorn-48137.exe
2000	Unicorn-43166.exe
780	Unicorn-9922.exe
1788	Unicorn-30936.exe
1200	Unicorn-16053.exe
1436	Unicorn-11480.exe
1036	Unicorn-31346.exe
860	Unicorn-31346.exe
2448	Unicorn-12061.exe
2648	Unicorn-46841.exe
2768	Unicorn-44999.exe
2820	Unicorn-38869.exe
1828	Unicorn-20900.exe
2444	Unicorn-49000.exe
2524	Unicorn-19172.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 2804	2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe	30
PID 2640 wrote to memory of 2804	2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe	30
PID 2640 wrote to memory of 2804	2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe	30
PID 2640 wrote to memory of 2804	2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe	30
PID 2804 wrote to memory of 2680	2804	Unicorn-22433.exe	31
PID 2804 wrote to memory of 2680	2804	Unicorn-22433.exe	31
PID 2804 wrote to memory of 2680	2804	Unicorn-22433.exe	31
PID 2804 wrote to memory of 2680	2804	Unicorn-22433.exe	31
PID 2640 wrote to memory of 2296	2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe	32
PID 2640 wrote to memory of 2296	2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe	32
PID 2640 wrote to memory of 2296	2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe	32
PID 2640 wrote to memory of 2296	2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe	32
PID 2680 wrote to memory of 2544	2680	Unicorn-12993.exe	33
PID 2680 wrote to memory of 2544	2680	Unicorn-12993.exe	33
PID 2680 wrote to memory of 2544	2680	Unicorn-12993.exe	33
PID 2680 wrote to memory of 2544	2680	Unicorn-12993.exe	33
PID 2804 wrote to memory of 3012	2804	Unicorn-22433.exe	34
PID 2804 wrote to memory of 3012	2804	Unicorn-22433.exe	34
PID 2804 wrote to memory of 3012	2804	Unicorn-22433.exe	34
PID 2804 wrote to memory of 3012	2804	Unicorn-22433.exe	34
PID 2296 wrote to memory of 912	2296	Unicorn-8971.exe	35
PID 2296 wrote to memory of 912	2296	Unicorn-8971.exe	35
PID 2296 wrote to memory of 912	2296	Unicorn-8971.exe	35
PID 2296 wrote to memory of 912	2296	Unicorn-8971.exe	35
PID 2640 wrote to memory of 348	2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe	36
PID 2640 wrote to memory of 348	2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe	36
PID 2640 wrote to memory of 348	2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe	36
PID 2640 wrote to memory of 348	2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe	36
PID 2544 wrote to memory of 1220	2544	Unicorn-45983.exe	37
PID 2544 wrote to memory of 1220	2544	Unicorn-45983.exe	37
PID 2544 wrote to memory of 1220	2544	Unicorn-45983.exe	37
PID 2544 wrote to memory of 1220	2544	Unicorn-45983.exe	37
PID 3012 wrote to memory of 2724	3012	Unicorn-8354.exe	39
PID 3012 wrote to memory of 2724	3012	Unicorn-8354.exe	39
PID 3012 wrote to memory of 2724	3012	Unicorn-8354.exe	39
PID 3012 wrote to memory of 2724	3012	Unicorn-8354.exe	39
PID 2680 wrote to memory of 2164	2680	Unicorn-12993.exe	38
PID 2680 wrote to memory of 2164	2680	Unicorn-12993.exe	38
PID 2680 wrote to memory of 2164	2680	Unicorn-12993.exe	38
PID 2680 wrote to memory of 2164	2680	Unicorn-12993.exe	38
PID 2804 wrote to memory of 3000	2804	Unicorn-22433.exe	40
PID 2804 wrote to memory of 3000	2804	Unicorn-22433.exe	40
PID 2804 wrote to memory of 3000	2804	Unicorn-22433.exe	40
PID 2804 wrote to memory of 3000	2804	Unicorn-22433.exe	40
PID 912 wrote to memory of 2616	912	Unicorn-43679.exe	41
PID 912 wrote to memory of 2616	912	Unicorn-43679.exe	41
PID 912 wrote to memory of 2616	912	Unicorn-43679.exe	41
PID 912 wrote to memory of 2616	912	Unicorn-43679.exe	41
PID 348 wrote to memory of 1696	348	Unicorn-21897.exe	42
PID 348 wrote to memory of 1696	348	Unicorn-21897.exe	42
PID 348 wrote to memory of 1696	348	Unicorn-21897.exe	42
PID 348 wrote to memory of 1696	348	Unicorn-21897.exe	42
PID 2640 wrote to memory of 1964	2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe	43
PID 2640 wrote to memory of 1964	2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe	43
PID 2640 wrote to memory of 1964	2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe	43
PID 2640 wrote to memory of 1964	2640	1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe	43
PID 2296 wrote to memory of 1292	2296	Unicorn-8971.exe	44
PID 2296 wrote to memory of 1292	2296	Unicorn-8971.exe	44
PID 2296 wrote to memory of 1292	2296	Unicorn-8971.exe	44
PID 2296 wrote to memory of 1292	2296	Unicorn-8971.exe	44
PID 1220 wrote to memory of 2184	1220	Unicorn-35073.exe	45
PID 1220 wrote to memory of 2184	1220	Unicorn-35073.exe	45
PID 1220 wrote to memory of 2184	1220	Unicorn-35073.exe	45
PID 1220 wrote to memory of 2184	1220	Unicorn-35073.exe	45

C:\Users\Admin\AppData\Local\Temp\1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe
"C:\Users\Admin\AppData\Local\Temp\1251c746eb1a767193d509291a90f039d138c54bb240e92c066b222435539c8fN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22433.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22433.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45983.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35073.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19213.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20900.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22051.exe
        9⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39471.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        9⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        9⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40193.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
        8⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        7⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        7⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
        7⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        8⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        7⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        7⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        7⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1806.exe
        6⤵
        Executes dropped EXE
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3633.exe
        7⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe
        7⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        7⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
        6⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
        6⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13239.exe
        6⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
        7⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        7⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        6⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        6⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe
        6⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        7⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe
        7⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22762.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10078.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        6⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        6⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58920.exe
        5⤵
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        6⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63069.exe
        6⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        6⤵
        
        PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
        5⤵
        
        PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9990.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57245.exe
        5⤵
        
        PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-516.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        6⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        7⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
        7⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        7⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        6⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        6⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
        6⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63567.exe
        6⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43736.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        7⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        7⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
        6⤵
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        6⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62455.exe
        5⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
        6⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50113.exe
        5⤵
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        5⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
        5⤵
        
        PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22363.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31418.exe
        6⤵
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
        6⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
        5⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-300.exe
        6⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        6⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30204.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe
        6⤵
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25420.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        5⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        5⤵
        
        PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        5⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe
        6⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        6⤵
        
        PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25153.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29812.exe
        5⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39828.exe
        5⤵
        
        PID:6616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
      4⤵
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54369.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        5⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
      4⤵
      PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7808.exe
      4⤵
      PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
      4⤵
      PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1179.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        8⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        7⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
        8⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        7⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        7⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62378.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        7⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        7⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        7⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
        6⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        6⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        6⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54600.exe
        6⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26095.exe
        7⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        7⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        6⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        6⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        6⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2424.exe
        5⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
        6⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        6⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
        6⤵
        
        PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36595.exe
        5⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        5⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
        5⤵
        
        PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7979.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16857.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        7⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        7⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11552.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        6⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
        6⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        5⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        6⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        6⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        6⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe
        5⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        6⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
        5⤵
        
        PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12392.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49032.exe
        5⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        6⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        5⤵
        
        PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27021.exe
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        5⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        5⤵
        
        PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
      4⤵
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28085.exe
        5⤵
        
        PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        5⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        5⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18552.exe
      4⤵
      PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40550.exe
      4⤵
      PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
      4⤵
      PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
      4⤵
      PID:6128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54127.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1947.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42301.exe
        6⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4401.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        8⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        8⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        7⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37885.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        7⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20327.exe
        6⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17931.exe
        6⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45696.exe
        6⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
        6⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57988.exe
        5⤵
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22051.exe
        6⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57017.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        6⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        6⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41707.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
        5⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11753.exe
        5⤵
        
        PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61711.exe
        5⤵
        
        PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29663.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
        5⤵
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        6⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        7⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        6⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        6⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        5⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        5⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        5⤵
        
        PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
      4⤵
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        5⤵
        
        PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        5⤵
        
        PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
        5⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
      4⤵
      PID:576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
      4⤵
      PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25347.exe
      4⤵
      PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
      4⤵
      PID:6648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42301.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4401.exe
        6⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26291.exe
        6⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        6⤵
        
        PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        5⤵
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
        5⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18297.exe
        5⤵
        
        PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
      4⤵
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
        5⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        5⤵
        
        PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
      4⤵
      PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
      4⤵
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
      4⤵
      PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
      4⤵
      PID:5376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
      4⤵
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
        5⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        5⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48811.exe
      4⤵
      PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
      4⤵
      PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
      4⤵
      PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
      4⤵
      PID:6468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
    3⤵
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
      4⤵
      PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
      4⤵
      PID:5216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
    3⤵
    PID:3936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe
    3⤵
    PID:4596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
    3⤵
    PID:5228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47615.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47615.exe
    3⤵
    PID:5680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8971.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8971.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43679.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5602.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15457.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        8⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        7⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        7⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
        6⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        7⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        7⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7857.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        6⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        6⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11951.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
        8⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
        8⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        8⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51115.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        7⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        7⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
        6⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        7⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23908.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
        5⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
        6⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        5⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25347.exe
        5⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27567.exe
        5⤵
        
        PID:7060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
        6⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-67.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-67.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
        7⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        7⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        6⤵
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27021.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        6⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
        5⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        6⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        6⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
        5⤵
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        5⤵
        
        PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48137.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
        5⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
        6⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36208.exe
        6⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
      4⤵
      PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
      4⤵
      PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13239.exe
      4⤵
      PID:5676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16034.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16053.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24734.exe
        6⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        6⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        6⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
        5⤵
        
        PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        5⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
        5⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        5⤵
        
        PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        5⤵
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe
        6⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        6⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        6⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        6⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        5⤵
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55805.exe
        5⤵
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4214.exe
        5⤵
        
        PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe
      4⤵
      PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
      4⤵
      PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60269.exe
      4⤵
      PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
      4⤵
      PID:5964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
        5⤵
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        6⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        6⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17954.exe
        5⤵
        
        PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        5⤵
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        5⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        5⤵
        
        PID:7152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
      4⤵
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        5⤵
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        5⤵
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        5⤵
        
        PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
      4⤵
      PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
      4⤵
      PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
      4⤵
      PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
      4⤵
      PID:6172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12061.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
      4⤵
      PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31379.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
      4⤵
      PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5252.exe
      4⤵
      PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45439.exe
      4⤵
      PID:6072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe
    3⤵
    PID:324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
      4⤵
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25874.exe
      4⤵
      PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
      4⤵
      PID:6372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
    3⤵
    PID:3712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe
    3⤵
    PID:4588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
    3⤵
    PID:5188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43607.exe
    3⤵
    PID:5380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21897.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21897.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5602.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
        6⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
        7⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        7⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
        7⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6101.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
        6⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        6⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39319.exe
        5⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41074.exe
        6⤵
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe
        6⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        6⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        6⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35136.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        5⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
        5⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        5⤵
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26897.exe
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe
        6⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        6⤵
        
        PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        5⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55695.exe
        5⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62749.exe
        5⤵
        
        PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
      4⤵
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31040.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53828.exe
        5⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30776.exe
        5⤵
        
        PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
      4⤵
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
      4⤵
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43733.exe
      4⤵
      PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4744.exe
      4⤵
      PID:6064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
        5⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe
        6⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
        6⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        6⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        5⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5252.exe
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        5⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        5⤵
        
        PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29968.exe
      4⤵
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        5⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
        5⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        5⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        5⤵
        
        PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62546.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
      4⤵
      PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
      4⤵
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
      4⤵
      PID:5400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
      4⤵
      PID:596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
      4⤵
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
      4⤵
      PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14131.exe
    3⤵
    PID:3048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
    3⤵
    PID:5456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4744.exe
    3⤵
    PID:6084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3609.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3609.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29663.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
      4⤵
      PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36580.exe
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        5⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        5⤵
        
        PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
      4⤵
      PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
      4⤵
      PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
      4⤵
      PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
      4⤵
      PID:6148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47837.exe
      4⤵
      PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
      4⤵
      PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
      4⤵
      PID:6228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
    3⤵
    PID:1248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
    3⤵
    PID:4076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
    3⤵
    PID:1832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13239.exe
    3⤵
    PID:5664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
      4⤵
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27823.exe
        5⤵
        
        PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20309.exe
        5⤵
        
        PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10078.exe
      4⤵
      PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
      4⤵
      PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
      4⤵
      PID:5764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24052.exe
    3⤵
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
      4⤵
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
      4⤵
      PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
      4⤵
      PID:6364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
    3⤵
    PID:3176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
    3⤵
    PID:4984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
    3⤵
    PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
    3⤵
    PID:6040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
    3⤵
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
      4⤵
      PID:6264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
    3⤵
    PID:2112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
    3⤵
    PID:5284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
    3⤵
    PID:7144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
  2⤵
  PID:1392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
    3⤵
    PID:4440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
    3⤵
    PID:5800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13747.exe
    3⤵
    PID:6200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24116.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24116.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe
  2⤵
  PID:3904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
  2⤵
  PID:5436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28375.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28375.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15457.exe

Filesize
468KB

MD5
594855714c4cba9dde8d859ee6f4e219

SHA1
ac594bdeb86989d79e44d2cf1711bab2a31f89c8

SHA256
42ded4f3cc86663aed8d6818f361f51d1a03e53a5d1d86848c45d1f6d26d59dd

SHA512
5eefdb56df5f1c9f42e0524e23c149e874862f9428f0f215fbec8155b1e410a4e730ad0843f7477e3405e3e92b5aa672d309d036611b22414b0dfbba37482c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe

Filesize
468KB

MD5
75ff7a1fbd8009187f866639e0d189a7

SHA1
1bc2eb52479725cff91f00b9eb4ae1b3ffc876ed

SHA256
1d9a25b7c4fe29b4335d9e5f247d515a466e6f21d967c793b6aa6464a7df3038

SHA512
8241182e6b1f336f1cf256b8252f95df4b848c7f19423cd9619fbe451d6997bc7b320abfdde17212287f3f01526cc4f2aca0579ada26489ad95c7e524daebbb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35073.exe

Filesize
468KB

MD5
7afcd7f7b4a7492df0bd35d91a576ba0

SHA1
76dce3481eb4a7990c693f81921033a0eda85369

SHA256
8a4d69979dff99bb23947f194d4a8b335f739f607927ffb73781d00269b9b19e

SHA512
361008ca834f36382eb0af726ceb6963f322c6775ab04da564d1ad47938682f36353d4495d08de561339f8ef496b76028ebe646c63b79af253cbab25e297e84f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe

Filesize
468KB

MD5
7340350c96a9a4ffa16b7bf88ce02afb

SHA1
df6d84e225afcddd3c5ad1c7c18c47e83e8c8a27

SHA256
69e898d9dfe69219cbcd4df428b79e333df69d0c3827a6b9b5cad37b8ce2f521

SHA512
95c8966826c826715e73ab546523fcbb15d13a786c9ade5c5f6806d230758305b3b698cdc0a10fec34286f218ffa53f2210d347873d623ae961047dffe1d03d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe

Filesize
468KB

MD5
a4a57ef3dd47d93b2a17892f5a0e5e15

SHA1
2a19528474a65c41ffd730294524e7c8ffba2d69

SHA256
ac0d79c0e2227d8c26f30007dd72e40cd19da2a375d8195ee03dbd06ae60c473

SHA512
2a60c56bdb5d24792ab7c780feb56fcba1c3a2de33db744581860ea1d69d5a3234213e1544c6084cb8c05d5b7eb1e9e51d506cdb197925ca12da2d05a140245f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3609.exe

Filesize
468KB

MD5
7d04b3014ee04122a76bc460a93bc423

SHA1
25881b01531119a434b92a5efbae3dd949fde51b

SHA256
cf64c8d93e5ef7f81ad4224617d5565a194a6f8c597035bb9ee814ea1bd66088

SHA512
bbb23dcc25192f705e8bcaf7d795a941fa795e3902e6654efe517f36369e5f3b9ece46e52e4fa0300b997cecef7fd1aea711e9ceca710f53286b23e4f85ecde8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe

Filesize
468KB

MD5
2aab6f479785a2f4ad05aa05a1a140b3

SHA1
c8ad302f386e93393d6b2fdc23c4bead7593ad6d

SHA256
2d7282867baf89aa78060d5eba2f4f492427cb00abd0bb0c9998cae89ed981d4

SHA512
22a5f4958358d525e0c77a09a0262d91bf7cba422cf870fd849cef1ba1cdec5bd4e18bc6f13eca26acc865e178cbc49352d4336c567d66cb83a29527f6cda66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43679.exe

Filesize
468KB

MD5
13d815b47e9a995a5ac7430680452123

SHA1
8f5aa35dc4f1125b396a39ad9460a529d71090c4

SHA256
10f2b5ed369b6ec193d4e0add3dd2d78b730e13dc013585f1a07173c28061331

SHA512
a7aafacd6e2855492a45792031e0f538cb129729f131b7f22084f7276de18ac71e80d5d2595c84e2d8e526bf8deff42a0743ca882bf90030b4273c065f5b491f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe

Filesize
468KB

MD5
7f3b54daa5d32992a2c3a958147b8105

SHA1
4be4d0d250a1f13f6965b457f6a308c1d6988595

SHA256
0185c1e6c939d8c306d8a02e41597a8248b91d2a44c531b78bd9e5b83ed2190c

SHA512
336902cc001ea48e3fadf0bfb05e771d27f0d7222c5452e5f857126cf9f9f9ac403ab8db2e477f25fa16f8f2c20cf2c16b5e53e7cf678c0fe5cf3592bf718171

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-516.exe

Filesize
468KB

MD5
2195d22310748e287fe857e1698b97af

SHA1
55a3bd77810087992f6378c8696417862f532ea5

SHA256
92561078ad74990e2aee405e59b45c476e21d887586f342f99344ba965ae1e50

SHA512
26f90a98e896683828b9d06c5fd6fcfd2e3f53f56d16150ef4174c7355c65e5ca3dcbedb2f04a790411239c428c7ca1ff0f7e60976322e7ffa6b12be6ca2a724

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5602.exe

Filesize
468KB

MD5
07b1d68947c76c5759f5c4e9e3b016ef

SHA1
96f1257e5187672763d9c038bec51deb9b627704

SHA256
7c3aac7676730913119b3b5d6071d13fea0a611d79061ee4b5892ece471351f5

SHA512
0f4a6892bfa64d7cc609264bad33f963889e962d361099d4cf7dd263d9c2498dd25b5c820d8e644048b1bf2a427f52498b2cb240f4162315895460ab8fb0b2a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe

Filesize
468KB

MD5
844c0d1dd7d0b912dcda4d0b6cb6e822

SHA1
b0a4dd8db65f742d35dcadef55af54dd6819821a

SHA256
6e99e64c1ee99d70ac5e3fe532254bd3aae7aba2c77d27c558255fc691d36bbd

SHA512
15106768d86cdaa1b0ef36e3c527ddcb5393d80c10fc3b7313812597c876554f7b03bfeea83103bdf45d8033d6a02758c0605e16d7139687315f5ac366edc3dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe

Filesize
468KB

MD5
00adb5f5088d5f36859551cf5eb496ed

SHA1
482bfe3cf1732395dc246cfd5f7e816e7ff0547f

SHA256
b00a7557af9f994a53bfde6ac21e06fabbf1407341263b19df554682d71c782e

SHA512
518b235c3a0cb789d15d0ebbc4cd8d72b4e138254b0993471aaaeed1db1c653c9c8bf5d5ec558667e3d4dc55787887bfa3492d3574941d549bd6e420c93f922d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe

Filesize
468KB

MD5
3c5a81d931fe41989cb9cb995d6476d4

SHA1
be0860fe92223fea237b12f87d4043e54a6dab4b

SHA256
efdd90c9322a4aae8c3b7891f2b246111396bf0ceff6f3acd781e5548043dc37

SHA512
f596b87ef2e0f1a93efa3443bd0a5bcd7dcda105942232ce4b3c2b6fede9d886c0cd31d25039a97711a5e204b7ca1c2280297fe942cae646f97da7456f72d33e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe

Filesize
468KB

MD5
9c5b974b42171bacd95cc8eebf27d58a

SHA1
c715ae2d9c67a61869c1e098bf8bde6a518deacc

SHA256
7572f96d076cbfd1ab6305eb3a3e28de54b718e792148cab17a87d6f49450964

SHA512
75d7c00c0b05c5c00a26ffceb2521bb1dca2751b3a92a995ac2075f245abf6801574c7c7875fe04436c084fc8173901c06f9759cf0ca855810826cc26afc1b19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21897.exe

Filesize
468KB

MD5
db336ab8e781c4f304fc406681c5915f

SHA1
164a0d72e2a24928073c402d1641de4f24fac904

SHA256
e4b5db78c1f0463a69ffd909d42d13979f22fc39fd3b2e9acd2a13df17c78e12

SHA512
52239b69e3b7a852bf0dbe86c2a82507e916f166f1a62c9f007212f5d8a1a0bbd2e7b3ffc61c6297c702f720485332e487feabb2fc2c5dcfa52856a843659795

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22433.exe

Filesize
468KB

MD5
835cdbca4cfb4158ab3c571d8e2b692f

SHA1
cef01af5e8d46f16a7289a9f6781ddf9e66ec11d

SHA256
84592f1b15e922f1371612526615ca03ea74f493b55edbd29931950f941c9751

SHA512
444cab51dd1188d79d506764ca9d27614849eaf29760f003b95ee2e43df820fb574980f345d548b97f312ca56db9093df58e1829c55cea7b749c174b3ce3f928

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45983.exe

Filesize
468KB

MD5
7fe218c98fb97a68862348f271b2bca5

SHA1
89690092d7d7a9c91e66fd456e1397131f02c35f

SHA256
4ce1156f8cb7c96955c9ef8b6570d1721335e5ac7e1c1129ab23227e593d4e6c

SHA512
daec78b251a573e83af0df8162d0564707571e6b31cabfdb5224560cc3472f6df125bdf602b4eae141e826eb8a41e6d897166e5d4d03b292423466f261af9aec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54127.exe

Filesize
468KB

MD5
995bec48e148f7f5fd548ee8c628ea54

SHA1
927250f02f792b822de4a6b9185ad08f09779630

SHA256
5a22ed426dfcd40d1ce3ffc9889c939a2c0208bd77b03a8a0ef91dfd5fce870a

SHA512
b43ce4bdc7d16270bea4bf2e279710d33937ad818b48cfbdc8338ea8e2d659133ecb79873769500b484fdc74a472b9ed5142dd376ca62b94e2993ee120c9cda9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8971.exe

Filesize
468KB

MD5
0d9a6bf42650d6b834a662037fa6829c

SHA1
4d1403b58cfd5ef9c1a3697a93d372336dbf553c

SHA256
ae0d5c1b2479b45b3b322d6c122bf57358ece1e910a4df50853c8f4e5f130a6c

SHA512
203ba979951a097695ebf86264e2e6492c7e69592e62573b5584154d424544b3af30f8dd4a8bb1d4a23ce04afd2a7ddc452e5c373969588c4645adc55bef31ec

Download Submit
memory/348-84-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/348-321-0x0000000002920000-0x0000000002995000-memory.dmp

Filesize
468KB

Download
memory/348-319-0x0000000002920000-0x0000000002995000-memory.dmp

Filesize
468KB

Download
memory/348-152-0x0000000003450000-0x00000000034C5000-memory.dmp

Filesize
468KB

Download
memory/348-148-0x0000000003450000-0x00000000034C5000-memory.dmp

Filesize
468KB

Download
memory/372-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/632-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/876-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/912-283-0x0000000002890000-0x0000000002905000-memory.dmp

Filesize
468KB

Download
memory/912-149-0x00000000033C0000-0x0000000003435000-memory.dmp

Filesize
468KB

Download
memory/912-281-0x0000000002890000-0x0000000002905000-memory.dmp

Filesize
468KB

Download
memory/912-76-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/912-150-0x00000000033C0000-0x0000000003435000-memory.dmp

Filesize
468KB

Download
memory/964-361-0x0000000003450000-0x00000000034C5000-memory.dmp

Filesize
468KB

Download
memory/1004-294-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1040-386-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1040-393-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1040-244-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1220-352-0x0000000002890000-0x0000000002905000-memory.dmp

Filesize
468KB

Download
memory/1220-101-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1220-193-0x0000000002890000-0x0000000002905000-memory.dmp

Filesize
468KB

Download
memory/1220-351-0x00000000033C0000-0x0000000003435000-memory.dmp

Filesize
468KB

Download
memory/1220-192-0x00000000033C0000-0x0000000003435000-memory.dmp

Filesize
468KB

Download
memory/1292-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1292-307-0x0000000002410000-0x0000000002485000-memory.dmp

Filesize
468KB

Download
memory/1292-298-0x0000000002410000-0x0000000002485000-memory.dmp

Filesize
468KB

Download
memory/1528-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1696-286-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/1696-293-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/1700-380-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/1760-284-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1804-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1816-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1956-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1964-387-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/1964-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2064-243-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2164-241-0x0000000001F60000-0x0000000001FD5000-memory.dmp

Filesize
468KB

Download
memory/2164-122-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2164-225-0x0000000001F60000-0x0000000001FD5000-memory.dmp

Filesize
468KB

Download
memory/2184-341-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2184-194-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2264-218-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2288-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2296-326-0x0000000001E40000-0x0000000001EB5000-memory.dmp

Filesize
468KB

Download
memory/2296-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2296-320-0x0000000001E40000-0x0000000001EB5000-memory.dmp

Filesize
468KB

Download
memory/2296-161-0x0000000001E40000-0x0000000001EB5000-memory.dmp

Filesize
468KB

Download
memory/2296-174-0x0000000001E40000-0x0000000001EB5000-memory.dmp

Filesize
468KB

Download
memory/2296-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2544-98-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2544-202-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2544-209-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2544-52-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2616-268-0x0000000002740000-0x00000000027B5000-memory.dmp

Filesize
468KB

Download
memory/2616-272-0x0000000002740000-0x00000000027B5000-memory.dmp

Filesize
468KB

Download
memory/2616-151-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2640-362-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2640-38-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2640-11-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2640-302-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2640-10-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2640-171-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2640-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2640-297-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2640-160-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2640-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-236-0x0000000001D30000-0x0000000001DA5000-memory.dmp

Filesize
468KB

Download
memory/2680-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-51-0x0000000001D30000-0x0000000001DA5000-memory.dmp

Filesize
468KB

Download
memory/2680-242-0x0000000001D30000-0x0000000001DA5000-memory.dmp

Filesize
468KB

Download
memory/2712-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2724-217-0x00000000028E0000-0x0000000002955000-memory.dmp

Filesize
468KB

Download
memory/2724-369-0x00000000028E0000-0x0000000002955000-memory.dmp

Filesize
468KB

Download
memory/2724-210-0x00000000028E0000-0x0000000002955000-memory.dmp

Filesize
468KB

Download
memory/2724-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2724-382-0x00000000028E0000-0x0000000002955000-memory.dmp

Filesize
468KB

Download
memory/2804-25-0x0000000001D60000-0x0000000001DD5000-memory.dmp

Filesize
468KB

Download
memory/2804-254-0x0000000001D60000-0x0000000001DD5000-memory.dmp

Filesize
468KB

Download
memory/2804-132-0x0000000001D60000-0x0000000001DD5000-memory.dmp

Filesize
468KB

Download
memory/2804-253-0x0000000001D60000-0x0000000001DD5000-memory.dmp

Filesize
468KB

Download
memory/2804-24-0x0000000001D60000-0x0000000001DD5000-memory.dmp

Filesize
468KB

Download
memory/2804-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2804-388-0x0000000001D60000-0x0000000001DD5000-memory.dmp

Filesize
468KB

Download
memory/2804-371-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2832-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2900-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3000-239-0x0000000002910000-0x0000000002985000-memory.dmp

Filesize
468KB

Download
memory/3000-389-0x0000000002910000-0x0000000002985000-memory.dmp

Filesize
468KB

Download
memory/3000-134-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3000-226-0x0000000002910000-0x0000000002985000-memory.dmp

Filesize
468KB

Download
memory/3012-65-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3012-238-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/3012-228-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/3052-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download