6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169

Analysis

max time kernel
119s
max time network
117s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe
Size

468KB
MD5

a579d2c65d4e64e59930f651c642d7a0
SHA1

1fbbb6dd19f4e540a73e92d71607f1ec9952524c
SHA256

6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169
SHA512

cbf5c2dbb979cccc6fa0dff71c9cf939c396998a0cf59f2eb28ada357c95f486129c44f337aeaece370ffeba10319ab5551726e42c08c076d4ba5aa36e249394
SSDEEP

3072:1bA0ogIdj05U4AYJP0bjff8/ECYFtIpCnmHexVpI0Av3upQVRwlI:1b3or8U4fPyjffh0oe0APCQVR

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1816	Unicorn-61251.exe
2180	Unicorn-25694.exe
2388	Unicorn-50753.exe
2808	Unicorn-18569.exe
2660	Unicorn-5247.exe
2664	Unicorn-64654.exe
2728	Unicorn-55003.exe
2548	Unicorn-18735.exe
2224	Unicorn-39709.exe
2360	Unicorn-43239.exe
2880	Unicorn-11874.exe
2008	Unicorn-5744.exe
1392	Unicorn-24681.exe
2764	Unicorn-44547.exe
2428	Unicorn-44282.exe
2924	Unicorn-52798.exe
2384	Unicorn-8236.exe
2980	Unicorn-45974.exe
1776	Unicorn-39652.exe
2960	Unicorn-41506.exe
600	Unicorn-12155.exe
1324	Unicorn-21086.exe
1960	Unicorn-4557.exe
2392	Unicorn-4557.exe
1732	Unicorn-50229.exe
2504	Unicorn-51712.exe
624	Unicorn-37976.exe
1564	Unicorn-29062.exe
2968	Unicorn-19825.exe
552	Unicorn-58397.exe
3044	Unicorn-7307.exe
984	Unicorn-47209.exe
1668	Unicorn-8214.exe
2440	Unicorn-43679.exe
1604	Unicorn-2092.exe
2472	Unicorn-31235.exe
2720	Unicorn-14152.exe
1304	Unicorn-45683.exe
2868	Unicorn-58200.exe
2292	Unicorn-1386.exe
2668	Unicorn-18874.exe
2204	Unicorn-43378.exe
2904	Unicorn-43378.exe
1032	Unicorn-1791.exe
1928	Unicorn-63244.exe
2280	Unicorn-30380.exe
1288	Unicorn-18682.exe
976	Unicorn-42632.exe
832	Unicorn-56922.exe
1636	Unicorn-65090.exe
960	Unicorn-54619.exe
780	Unicorn-54884.exe
1644	Unicorn-34272.exe
2524	Unicorn-3445.exe
2888	Unicorn-34080.exe
2892	Unicorn-25149.exe
2192	Unicorn-34080.exe
2184	Unicorn-24950.exe
2348	Unicorn-30550.exe
380	Unicorn-52170.exe
1764	Unicorn-63867.exe
2164	Unicorn-64422.exe
1716	Unicorn-14474.exe
1544	Unicorn-18293.exe

Loads dropped DLL 64 IoCs

pid	Process
1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe
1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe
1816	Unicorn-61251.exe
1816	Unicorn-61251.exe
1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe
1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe
2388	Unicorn-50753.exe
2388	Unicorn-50753.exe
2180	Unicorn-25694.exe
1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe
2180	Unicorn-25694.exe
1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe
1816	Unicorn-61251.exe
1816	Unicorn-61251.exe
2660	Unicorn-5247.exe
2660	Unicorn-5247.exe
2180	Unicorn-25694.exe
2180	Unicorn-25694.exe
2728	Unicorn-55003.exe
2728	Unicorn-55003.exe
2664	Unicorn-64654.exe
2664	Unicorn-64654.exe
1816	Unicorn-61251.exe
1816	Unicorn-61251.exe
2388	Unicorn-50753.exe
1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe
2808	Unicorn-18569.exe
2388	Unicorn-50753.exe
2808	Unicorn-18569.exe
1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe
2548	Unicorn-18735.exe
2660	Unicorn-5247.exe
2548	Unicorn-18735.exe
2660	Unicorn-5247.exe
2224	Unicorn-39709.exe
2224	Unicorn-39709.exe
2180	Unicorn-25694.exe
2180	Unicorn-25694.exe
2428	Unicorn-44282.exe
2428	Unicorn-44282.exe
1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe
1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe
2764	Unicorn-44547.exe
2764	Unicorn-44547.exe
2880	Unicorn-11874.exe
1392	Unicorn-24681.exe
1392	Unicorn-24681.exe
2880	Unicorn-11874.exe
2808	Unicorn-18569.exe
2808	Unicorn-18569.exe
2388	Unicorn-50753.exe
2664	Unicorn-64654.exe
2388	Unicorn-50753.exe
2664	Unicorn-64654.exe
2360	Unicorn-43239.exe
2360	Unicorn-43239.exe
2008	Unicorn-5744.exe
2008	Unicorn-5744.exe
2728	Unicorn-55003.exe
2728	Unicorn-55003.exe
1816	Unicorn-61251.exe
1816	Unicorn-61251.exe
2924	Unicorn-52798.exe
2924	Unicorn-52798.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4518.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4518.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4518.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38369.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe
1816	Unicorn-61251.exe
2180	Unicorn-25694.exe
2388	Unicorn-50753.exe
2660	Unicorn-5247.exe
2808	Unicorn-18569.exe
2664	Unicorn-64654.exe
2728	Unicorn-55003.exe
2548	Unicorn-18735.exe
2224	Unicorn-39709.exe
2360	Unicorn-43239.exe
2764	Unicorn-44547.exe
2880	Unicorn-11874.exe
1392	Unicorn-24681.exe
2428	Unicorn-44282.exe
2008	Unicorn-5744.exe
2384	Unicorn-8236.exe
2924	Unicorn-52798.exe
2980	Unicorn-45974.exe
1776	Unicorn-39652.exe
2960	Unicorn-41506.exe
600	Unicorn-12155.exe
1732	Unicorn-50229.exe
2392	Unicorn-4557.exe
1960	Unicorn-4557.exe
1324	Unicorn-21086.exe
624	Unicorn-37976.exe
2504	Unicorn-51712.exe
1564	Unicorn-29062.exe
2968	Unicorn-19825.exe
552	Unicorn-58397.exe
3044	Unicorn-7307.exe
984	Unicorn-47209.exe
1668	Unicorn-8214.exe
2440	Unicorn-43679.exe
1604	Unicorn-2092.exe
2472	Unicorn-31235.exe
2720	Unicorn-14152.exe
1304	Unicorn-45683.exe
2868	Unicorn-58200.exe
2292	Unicorn-1386.exe
2668	Unicorn-18874.exe
1032	Unicorn-1791.exe
2204	Unicorn-43378.exe
1928	Unicorn-63244.exe
2904	Unicorn-43378.exe
832	Unicorn-56922.exe
2280	Unicorn-30380.exe
1288	Unicorn-18682.exe
976	Unicorn-42632.exe
1636	Unicorn-65090.exe
960	Unicorn-54619.exe
780	Unicorn-54884.exe
1644	Unicorn-34272.exe
2892	Unicorn-25149.exe
2524	Unicorn-3445.exe
2888	Unicorn-34080.exe
2192	Unicorn-34080.exe
2184	Unicorn-24950.exe
2348	Unicorn-30550.exe
380	Unicorn-52170.exe
1764	Unicorn-63867.exe
1716	Unicorn-14474.exe
2164	Unicorn-64422.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1816	1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe	31
PID 1976 wrote to memory of 1816	1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe	31
PID 1976 wrote to memory of 1816	1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe	31
PID 1976 wrote to memory of 1816	1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe	31
PID 1816 wrote to memory of 2180	1816	Unicorn-61251.exe	32
PID 1816 wrote to memory of 2180	1816	Unicorn-61251.exe	32
PID 1816 wrote to memory of 2180	1816	Unicorn-61251.exe	32
PID 1816 wrote to memory of 2180	1816	Unicorn-61251.exe	32
PID 1976 wrote to memory of 2388	1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe	33
PID 1976 wrote to memory of 2388	1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe	33
PID 1976 wrote to memory of 2388	1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe	33
PID 1976 wrote to memory of 2388	1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe	33
PID 2388 wrote to memory of 2808	2388	Unicorn-50753.exe	34
PID 2388 wrote to memory of 2808	2388	Unicorn-50753.exe	34
PID 2388 wrote to memory of 2808	2388	Unicorn-50753.exe	34
PID 2388 wrote to memory of 2808	2388	Unicorn-50753.exe	34
PID 2180 wrote to memory of 2660	2180	Unicorn-25694.exe	35
PID 2180 wrote to memory of 2660	2180	Unicorn-25694.exe	35
PID 2180 wrote to memory of 2660	2180	Unicorn-25694.exe	35
PID 2180 wrote to memory of 2660	2180	Unicorn-25694.exe	35
PID 1976 wrote to memory of 2664	1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe	36
PID 1976 wrote to memory of 2664	1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe	36
PID 1976 wrote to memory of 2664	1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe	36
PID 1976 wrote to memory of 2664	1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe	36
PID 1816 wrote to memory of 2728	1816	Unicorn-61251.exe	37
PID 1816 wrote to memory of 2728	1816	Unicorn-61251.exe	37
PID 1816 wrote to memory of 2728	1816	Unicorn-61251.exe	37
PID 1816 wrote to memory of 2728	1816	Unicorn-61251.exe	37
PID 2660 wrote to memory of 2548	2660	Unicorn-5247.exe	38
PID 2660 wrote to memory of 2548	2660	Unicorn-5247.exe	38
PID 2660 wrote to memory of 2548	2660	Unicorn-5247.exe	38
PID 2660 wrote to memory of 2548	2660	Unicorn-5247.exe	38
PID 2180 wrote to memory of 2224	2180	Unicorn-25694.exe	39
PID 2180 wrote to memory of 2224	2180	Unicorn-25694.exe	39
PID 2180 wrote to memory of 2224	2180	Unicorn-25694.exe	39
PID 2180 wrote to memory of 2224	2180	Unicorn-25694.exe	39
PID 2728 wrote to memory of 2360	2728	Unicorn-55003.exe	40
PID 2728 wrote to memory of 2360	2728	Unicorn-55003.exe	40
PID 2728 wrote to memory of 2360	2728	Unicorn-55003.exe	40
PID 2728 wrote to memory of 2360	2728	Unicorn-55003.exe	40
PID 2664 wrote to memory of 2880	2664	Unicorn-64654.exe	41
PID 2664 wrote to memory of 2880	2664	Unicorn-64654.exe	41
PID 2664 wrote to memory of 2880	2664	Unicorn-64654.exe	41
PID 2664 wrote to memory of 2880	2664	Unicorn-64654.exe	41
PID 1816 wrote to memory of 2008	1816	Unicorn-61251.exe	42
PID 1816 wrote to memory of 2008	1816	Unicorn-61251.exe	42
PID 1816 wrote to memory of 2008	1816	Unicorn-61251.exe	42
PID 1816 wrote to memory of 2008	1816	Unicorn-61251.exe	42
PID 2388 wrote to memory of 1392	2388	Unicorn-50753.exe	43
PID 2388 wrote to memory of 1392	2388	Unicorn-50753.exe	43
PID 2388 wrote to memory of 1392	2388	Unicorn-50753.exe	43
PID 2388 wrote to memory of 1392	2388	Unicorn-50753.exe	43
PID 2808 wrote to memory of 2764	2808	Unicorn-18569.exe	45
PID 2808 wrote to memory of 2764	2808	Unicorn-18569.exe	45
PID 2808 wrote to memory of 2764	2808	Unicorn-18569.exe	45
PID 2808 wrote to memory of 2764	2808	Unicorn-18569.exe	45
PID 1976 wrote to memory of 2428	1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe	44
PID 1976 wrote to memory of 2428	1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe	44
PID 1976 wrote to memory of 2428	1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe	44
PID 1976 wrote to memory of 2428	1976	6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe	44
PID 2548 wrote to memory of 2924	2548	Unicorn-18735.exe	46
PID 2548 wrote to memory of 2924	2548	Unicorn-18735.exe	46
PID 2548 wrote to memory of 2924	2548	Unicorn-18735.exe	46
PID 2548 wrote to memory of 2924	2548	Unicorn-18735.exe	46

C:\Users\Admin\AppData\Local\Temp\6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe
"C:\Users\Admin\AppData\Local\Temp\6fcc8b7b29fae2c8ba90990ac6ac5c01519a8a829e7a46068c6159218cb81169N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25694.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18735.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52798.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47209.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63867.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19942.exe
        9⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
        8⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        8⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        8⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
        8⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        8⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        8⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        8⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38577.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45776.exe
        7⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        7⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43679.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
        7⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
        8⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26491.exe
        9⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
        9⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        9⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34637.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50891.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36195.exe
        8⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        8⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
        7⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45370.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        7⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        6⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34934.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        7⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38369.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        6⤵
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48343.exe
        6⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17970.exe
        6⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        7⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        7⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        6⤵
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        6⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        8⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        8⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        8⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        7⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33298.exe
        7⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        6⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45776.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        6⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18293.exe
        5⤵
        Executes dropped EXE
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47103.exe
        6⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        6⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        6⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        6⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        5⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-696.exe
        5⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        5⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
        5⤵
        
        PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46955.exe
        7⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19065.exe
        8⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
        8⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        8⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        8⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
        7⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        7⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
        7⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        6⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51571.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe
        7⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        7⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
        6⤵
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37683.exe
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        6⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31235.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe
        6⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34934.exe
        7⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61384.exe
        7⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
        7⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26936.exe
        6⤵
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        6⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62884.exe
        6⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        6⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        5⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56122.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
        6⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        6⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        5⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5048.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39652.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14152.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
        6⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        7⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        6⤵
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1431.exe
        6⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
        6⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        6⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55678.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
        6⤵
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59017.exe
        6⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
        6⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14195.exe
        5⤵
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
        5⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        5⤵
        
        PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45683.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        6⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-933.exe
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        6⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        6⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
        5⤵
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        5⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        5⤵
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        5⤵
        
        PID:6204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
      4⤵
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42733.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        5⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        5⤵
        
        PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54199.exe
      4⤵
      PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49054.exe
      4⤵
      PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17970.exe
      4⤵
      PID:6188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
        6⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        7⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        6⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43378.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55590.exe
        6⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34410.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        7⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35857.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41964.exe
        6⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5111.exe
        5⤵
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
        6⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        6⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21534.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        5⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        5⤵
        
        PID:6464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30380.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59162.exe
        7⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
        6⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        6⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        6⤵
        
        PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        5⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
        6⤵
        
        PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65036.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        5⤵
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        5⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        5⤵
        
        PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65090.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
        5⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62599.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
        6⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        5⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-825.exe
        5⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        5⤵
        
        PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        5⤵
        
        PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56917.exe
      4⤵
      PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
      4⤵
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5048.exe
      4⤵
      PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2885.exe
      4⤵
      PID:6448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65403.exe
        6⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30289.exe
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        7⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        6⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46140.exe
        6⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        5⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22121.exe
        6⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15669.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        5⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        5⤵
        
        PID:6408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18682.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16011.exe
        5⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10268.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        6⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        6⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        5⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        5⤵
        
        PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56122.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46140.exe
        5⤵
        
        PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-908.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5048.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
      4⤵
      PID:5692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        5⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54109.exe
        6⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
        6⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32551.exe
        6⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        5⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        5⤵
        
        PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe
      4⤵
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8800.exe
        5⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        5⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        5⤵
        
        PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
      4⤵
      PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49890.exe
      4⤵
      PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
      4⤵
      PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
      4⤵
      PID:6560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16495.exe
        5⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12950.exe
        5⤵
        
        PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
      4⤵
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
      4⤵
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
      4⤵
      PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
      4⤵
      PID:6720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48271.exe
    3⤵
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
      4⤵
      PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42733.exe
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
      4⤵
      PID:5740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57447.exe
    3⤵
    PID:3444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32668.exe
    3⤵
    PID:4508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
    3⤵
    PID:5460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
    3⤵
    PID:6712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18569.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        7⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
        8⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        7⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        7⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42016.exe
        6⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        6⤵
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30550.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
        6⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
        7⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54219.exe
        6⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        6⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
        5⤵
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55991.exe
        6⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12950.exe
        6⤵
        
        PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
        5⤵
        
        PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50229.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34272.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16011.exe
        6⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe
        7⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
        7⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        7⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        6⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1431.exe
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
        6⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        6⤵
        
        PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19580.exe
        5⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
        6⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34094.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3807.exe
        6⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        6⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45633.exe
        5⤵
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3445.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
        5⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
        5⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
        5⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        5⤵
        
        PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
      4⤵
      PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
      4⤵
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
      4⤵
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5048.exe
      4⤵
      PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
      4⤵
      PID:5636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24681.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4557.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
        5⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        6⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42733.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        6⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        6⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1559.exe
        5⤵
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64882.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        5⤵
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        5⤵
        
        PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43378.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31086.exe
        5⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        6⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        6⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        5⤵
        
        PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
      4⤵
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
        5⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
        5⤵
        
        PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19735.exe
      4⤵
      PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46932.exe
      4⤵
      PID:6752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42632.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
        5⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
        6⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
        6⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47106.exe
        6⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
        5⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        5⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
      4⤵
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45776.exe
      4⤵
      PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8595.exe
      4⤵
      PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
      4⤵
      PID:6504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54619.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
      4⤵
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
        5⤵
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        5⤵
        
        PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
      4⤵
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
      4⤵
      PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
      4⤵
      PID:5428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
    3⤵
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe
      4⤵
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
      4⤵
      PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
      4⤵
      PID:5188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52634.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54199.exe
    3⤵
    PID:4560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
    3⤵
    PID:5972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45797.exe
    3⤵
    PID:6732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11874.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4557.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        6⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8658.exe
        5⤵
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64882.exe
        5⤵
        
        PID:788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        5⤵
        
        PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        5⤵
        
        PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        5⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45732.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        5⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        5⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
        5⤵
        
        PID:6416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
      4⤵
      PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
      4⤵
      PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45776.exe
      4⤵
      PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
      4⤵
      PID:4672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37976.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18410.exe
        5⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        5⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
        5⤵
        
        PID:6440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
      4⤵
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21541.exe
        5⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
        5⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        5⤵
        
        PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
      4⤵
      PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
      4⤵
      PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
      4⤵
      PID:6480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
      4⤵
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36195.exe
        5⤵
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
        5⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        5⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        5⤵
        
        PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52017.exe
      4⤵
      PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
      4⤵
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
      4⤵
      PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
      4⤵
      PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
      4⤵
      PID:6572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63794.exe
    3⤵
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
      4⤵
      PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
      4⤵
      PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
      4⤵
      PID:5360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18603.exe
    3⤵
    PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
    3⤵
    PID:3748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54749.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
    3⤵
    PID:5948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
    3⤵
    PID:6276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44282.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44282.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe
        5⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        6⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8800.exe
        6⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32388.exe
        5⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
        5⤵
        
        PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
      4⤵
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8800.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        5⤵
        
        PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15669.exe
      4⤵
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53643.exe
      4⤵
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
      4⤵
      PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
      4⤵
      PID:6456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
      4⤵
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
        5⤵
        
        PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        5⤵
        
        PID:524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
      4⤵
      PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-924.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
      4⤵
      PID:6540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9304.exe
    3⤵
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
      4⤵
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42733.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
        5⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        5⤵
        
        PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
      4⤵
      PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
      4⤵
      PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
      4⤵
      PID:5772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
    3⤵
    PID:1836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
    3⤵
    PID:4108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
    3⤵
    PID:5628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
      4⤵
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
        5⤵
        
        PID:396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
        5⤵
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        5⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
      4⤵
      PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
      4⤵
      PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
      4⤵
      PID:6596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
    3⤵
    PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
      4⤵
      PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
      4⤵
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
      4⤵
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
      4⤵
      PID:4900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37247.exe
    3⤵
    PID:3060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64882.exe
    3⤵
    PID:476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
    3⤵
    PID:4164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51763.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51763.exe
    3⤵
    PID:1264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
    3⤵
    PID:3208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
    3⤵
    PID:4920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
    3⤵
    PID:6588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
  2⤵
  PID:2948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52304.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52304.exe
  2⤵
  PID:3904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
  2⤵
  PID:4728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47919.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47919.exe
  2⤵
  PID:5472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
  2⤵
  PID:6876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11874.exe

Filesize
468KB

MD5
66ed12bf2b54d4bd361ecf4f234ad6d3

SHA1
e558ef4e341b88c7f1f44b87880b9b7d050c8aac

SHA256
c44ff97d5d8a0ca27e12ad44756beb1a71865ec3bb9382ebaf09f67c9e7dde18

SHA512
4dafa077cb96ac4bdb6aaf74710071399f993c3d160057064fe5d3e72ffcfa9bb8c0a31b96242bed9fc2561da28f469c816213632e7d382b13b07d3031676441

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe

Filesize
468KB

MD5
8a8b778b16d75f5aac3a787ef46a4873

SHA1
db2774e8d0174735fdcb15c65145bcb95b4e4c5b

SHA256
921cfd598021b4a0945c1a0a99bff1698537d1c659c0b32554bcd77e72ab2eec

SHA512
db379ae4bf5dbd8c0101b67f023e459c2795263ed51c634872820488f494654873c758c235f987c53991ec7910b3f98ebc899ad7f9a42cf72c21484ce38d3e14

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18569.exe

Filesize
468KB

MD5
b6441b5313342f840fdc331bddfa804d

SHA1
3696f59754d37b6f6fc7ed65645c6ec771769989

SHA256
4e7d378c7d10b6e3b2b782f3c36454456990b30eaa4888774bf0c012e543273b

SHA512
de8380fa0741353089beb5d83bae2dace3d2e831965a691a081be26ed6a5f46c005d7b96db9f56017b2a3d492eb9e87ba9d56a9965042ee2375d10c2eba2091b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18735.exe

Filesize
468KB

MD5
c18c84f7a0d47c032c5ece935cbf0fe8

SHA1
23648fef69867cdd0d254cc7f2f74f4569bec503

SHA256
c70143888f6ade3e13dba6244d673bb91ae6e34d4a44ee565b4ed20f5c4173e7

SHA512
c5e8d16ae6132b139de431951080c00891fbba7bdbdc0a8d0cef33c37f628aac8ae3efe0f7bd21e1bbe33b57a2cfdd1b3f7e27d11f8fa90331ab3498ff3158c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24681.exe

Filesize
468KB

MD5
705606c9d1a323525345c4ba507a5ca1

SHA1
862f4efa3cb2363577cf515aa0723c484328ac10

SHA256
9cd9f991335eae76ddc7b094ea5aee488b9ae3c767ce49fe6144451cc05a13c6

SHA512
a74e427e1ac6498ae8ff395c216de46aca377481ebcfd3c2bd7f763156a88139a2b92727b810a2918f64cc67b6d3cc9b681ed4232554adc07e10564741647d68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25694.exe

Filesize
468KB

MD5
60f7cae5d8789872dd84f04d4873472b

SHA1
bc091d60826318049194e3abe5199a5603e421ac

SHA256
2c0ce8757746337e8957c0ee0966d0ae833bafd4c6e55fb85995bb3b458aefc3

SHA512
448771f349f7d865bff7941fc8462fad64436b231cf6c5db0ec359cb0468b1189da8c82f8ddf8925996a180f14099c9067bc7fcb7e84ed888290dbc4a603e25e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39652.exe

Filesize
468KB

MD5
bc969b1ca6f65d7251bd7eaa5cd6370d

SHA1
54b4acf34d09b3cfde87eb2bd6f8b38abd783d6d

SHA256
421d8a67279c8ede3bfb5796096ddefe60e53517bacc9e786cddd5c668ec7118

SHA512
53247176b24611e43673ddf94ada1de65903410a3b1d250486e8e8bb6791c0ea715adcc21b86c638cd21286d25d274bc3de31277229e3db36186bdfa91e62abb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe

Filesize
468KB

MD5
faa06164c0e881f7df5abcfd8d670e31

SHA1
98153e6ae28723918236454ef4d983a757eb49e2

SHA256
8e3bb94a793b435044718fe8c213b9ad46e34c9472f49fddc4a5d2a88ab97aec

SHA512
b6981b18fc7c324c190751dadedef1270720bb20924ac1a46b821568c73fe3dcfbac090b3b28b3cd6763920c689a62ed15adc2e806d17e03acac6341017d7cba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe

Filesize
468KB

MD5
26ea16fe0a27e8fff337248aabfcfbdc

SHA1
ef329ccec73a03304f5626a10ca7fb0f5ebc3dbf

SHA256
567b7d6cb9bc382d8a993c25dfa60aabdb075ed234e205b752521da8b29f8ff1

SHA512
cf7b9351ef87053256f546e3b6481ca91209757dac2fae3d0eeeb092c0f87e948f0c280f40bb9a63e2da4425ebfe1de5b9660ff4beaf19ad3e7849662752396c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44282.exe

Filesize
468KB

MD5
40e138454a541440345346c0fdb26297

SHA1
e9cccc61fb43daebc0d109e91a929e28e5738b04

SHA256
6d98ffc191355a62e9e15e13146a4588a7d629d944767b11093e59969676d36d

SHA512
41b9e9c3dcdd2b4e51d5429f6fe8ebfa48f27f2e6760d62829f33620a9615ed1fd567f6d9d408cacc6fdca6f8345d8e7869c2260ccf69f02a3a8d8dfbd563a56

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe

Filesize
468KB

MD5
6cdf36f21bb95a2e6573259221e99ecb

SHA1
fa11e1c6deef9996f838cd47d2eb42a11c2a7a6f

SHA256
eb89266466e594435868f2f9e655c75c3bba049ff8db32aab19684708ff8c8bb

SHA512
27ecbc3ee09a44dad52c962341de2759ff5575373212edf15d041bff76ba8e6ebc2b7f81508b9322d9dd132e91bcaf7870da8f114261775136d9f1f958154a8b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe

Filesize
468KB

MD5
194518b396e917aaf20d10077bc2eff1

SHA1
6d9337f99d3dcd65099e2e7b04da57e56dad7ff6

SHA256
a3b8cb065569048a956242cf4e0228e75fcaf0025552d482c1c726b5ef2ee8ee

SHA512
6a3f7fe51cc774161de78c783a3455ccaf8c7305fd0d0b28d968396e5ffabea9e0667e73dbf21469f07e5c559796fb1cd323c89102c0b12e12c13c13ba80a997

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe

Filesize
468KB

MD5
924529a9f9c81735e396f03f5e8291d8

SHA1
dd328d9281c793879db9c82b626a974ca791a767

SHA256
6378e8063234fdd922c7654bfa14b66ea39068efb261cf362423e54b24b43fa6

SHA512
18c49edcce036a2743d905ba2d88f353a9f96ae90a78b9fcc3f0327ff1090e2ee11f4e3c9ac3143bfb5cc6edcdf9ca027b32b314f4960955978fa6635422b1cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52798.exe

Filesize
468KB

MD5
bb895d7adbe2d368273ebd293ac26902

SHA1
482ecf95d22b08f65d21064e12a3b4378f7abf6b

SHA256
a57e7db9b3dd0c43a96a0a65b958e12208e0be875aa88746925fa9ca790c30f4

SHA512
ef0d9943d55d6ec60dd2a7d0431921365dfe6178968a90a96cc8c9b4f797413a3aa774a0214efd546a01aec44c803c4a6d8805508937506c900e9dec684bfa84

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe

Filesize
468KB

MD5
f819a0110587aacd2486452f0c4852d4

SHA1
075c155a217a9aad935abe608c21c6c12d18b36d

SHA256
1ff35e41692e0e1b0aacb2829c22f21d7f91aadc7a60c8be528287c195d72e95

SHA512
f27f7844d21d142388625c69249bf5d7bd1b6b35c92b113191f7df4f5495840e9de605cd248cc14e15db4487474a31e7c48e4d9ae3428f8f59c5b5014fc9521e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe

Filesize
468KB

MD5
475d22256dca60a7c807b5433e2f48fc

SHA1
40ba0c7cdffa6ae9fc8e97cf964c6169f7393fca

SHA256
95c6f4f0b0ff4225fe7ca6496b2772d1a1243933849e622f972e5a9feac24411

SHA512
670aaddae6e66f171f793682c96866a41b7385eb5d67e4251dc7c96d5d8dffd631234365e25d2d6bc4442e6e3f8a75fb03977e2b4629a283b3975ef22019f493

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe

Filesize
468KB

MD5
4f9f904fb3d6b38ab6eb7d07c8877663

SHA1
fd1eb034e98f3345fe5945b1813349c3faa529ed

SHA256
9fa86cabf2ca24a2555e94f5156ad2325f215b856a8b7ef2e755017f8049481b

SHA512
8d0295c72ec99df704eccb5ef07b93d9de358e0ef39061d98bc299624e7ec401c357906a60e0bd97ee8675fea7b098479b2984edd5828196ff378f8adeb71067

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe

Filesize
468KB

MD5
d910e2bb6e9beb41801f0bf87c441595

SHA1
7ae3ec2a6c20133c5edc06ac6b9d70e127465f0c

SHA256
ff948b53c4d750838d9d2ebe033a23d7c15074f6ea3b271b233fbedc6e10da5e

SHA512
2ba2eaeeb2b96711d6c9c37f93a005dc814a5786dc3b8379aa159aad0d311c94a86204d5e7098ff95876e33ed34996df7788f84dcffe75a46f2758ceef1846fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe

Filesize
468KB

MD5
f3e9c789f7d0e0dbc14794dbbc89bd20

SHA1
d04bd5abcc751d9e1c19b66a58f8cddec98f0372

SHA256
ce808ae99f27a4b587fd72f5982ddaf1fd8d01752df0f2ccae4b8167ec412229

SHA512
fd3cb285a8d199388f8d14f6d6fb67d337a1ef49cd40586687720e387a3453b9280e66bbf8b1e7d083a5fa90d4ae642282656924e41d7c00bbf5b86b1d3cda42

Download Submit