a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094

Analysis

max time kernel
119s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe
Size

468KB
MD5

16b9c0daa29c83701c2284e05a683ce0
SHA1

9f2f45dbe370609a709b3165a3c06285fb3b9851
SHA256

a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094
SHA512

7ac09c9f43ad57d2d05fd0bea97464a384d4a99b41bf468ebf379a14b12fb4a177bdf0b35ec0afb795964e17a5c6621cc0bd5fbcaaebe3c2d5a98aa90ecaa145
SSDEEP

3072:aby7og5+Pb8UwaYC7zojTf8/EChAZ4pfAdHeZVrs03WfyAIbkayz:abeohYUwK7UjTf/ETM03UPIbk

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2696	Unicorn-4661.exe
2180	Unicorn-63244.exe
716	Unicorn-22425.exe
2876	Unicorn-10831.exe
2944	Unicorn-48335.exe
2784	Unicorn-57986.exe
2940	Unicorn-28655.exe
1124	Unicorn-34253.exe
1964	Unicorn-54119.exe
1752	Unicorn-18331.exe
2096	Unicorn-9194.exe
2700	Unicorn-8929.exe
2124	Unicorn-9360.exe
2296	Unicorn-52623.exe
1672	Unicorn-37565.exe
2508	Unicorn-46480.exe
884	Unicorn-62261.exe
2340	Unicorn-61996.exe
3000	Unicorn-808.exe
1004	Unicorn-50009.exe
2868	Unicorn-21975.exe
944	Unicorn-41271.exe
2344	Unicorn-14835.exe
896	Unicorn-48255.exe
2132	Unicorn-34872.exe
2120	Unicorn-35759.exe
2064	Unicorn-59651.exe
2832	Unicorn-19365.exe
2972	Unicorn-39231.exe
2744	Unicorn-39231.exe
2968	Unicorn-10642.exe
2640	Unicorn-31041.exe
2676	Unicorn-42739.exe
2724	Unicorn-22873.exe
904	Unicorn-42739.exe
2140	Unicorn-8020.exe
2072	Unicorn-14150.exe
2116	Unicorn-44969.exe
2000	Unicorn-47015.exe
2712	Unicorn-25633.exe
900	Unicorn-17664.exe
2988	Unicorn-16263.exe
2284	Unicorn-56527.exe
1040	Unicorn-36661.exe
2256	Unicorn-42229.exe
1128	Unicorn-56719.exe
1908	Unicorn-16516.exe
360	Unicorn-3709.exe
928	Unicorn-21507.exe
2372	Unicorn-6647.exe
1276	Unicorn-60694.exe
1776	Unicorn-17284.exe
1096	Unicorn-37128.exe
2704	Unicorn-40658.exe
2304	Unicorn-40658.exe
2732	Unicorn-45489.exe
3048	Unicorn-65089.exe
2840	Unicorn-61270.exe
1204	Unicorn-24514.exe
2244	Unicorn-63500.exe
2596	Unicorn-4093.exe
2320	Unicorn-35680.exe
340	Unicorn-20321.exe
1812	Unicorn-44785.exe

Loads dropped DLL 64 IoCs

pid	Process
2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe
2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe
2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe
2696	Unicorn-4661.exe
2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe
2696	Unicorn-4661.exe
716	Unicorn-22425.exe
716	Unicorn-22425.exe
2696	Unicorn-4661.exe
2696	Unicorn-4661.exe
2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe
2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2876	Unicorn-10831.exe
2876	Unicorn-10831.exe
1772	WerFault.exe
1772	WerFault.exe
1772	WerFault.exe
1772	WerFault.exe
1772	WerFault.exe
716	Unicorn-22425.exe
716	Unicorn-22425.exe
2944	Unicorn-48335.exe
2944	Unicorn-48335.exe
2696	Unicorn-4661.exe
2696	Unicorn-4661.exe
2784	Unicorn-57986.exe
2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe
2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe
2784	Unicorn-57986.exe
1124	Unicorn-34253.exe
1124	Unicorn-34253.exe
716	Unicorn-22425.exe
716	Unicorn-22425.exe
1964	Unicorn-54119.exe
1964	Unicorn-54119.exe
2944	Unicorn-48335.exe
2944	Unicorn-48335.exe
2696	Unicorn-4661.exe
2096	Unicorn-9194.exe
2696	Unicorn-4661.exe
2096	Unicorn-9194.exe
1752	Unicorn-18331.exe
1752	Unicorn-18331.exe
2700	Unicorn-8929.exe
2784	Unicorn-57986.exe
2784	Unicorn-57986.exe
2700	Unicorn-8929.exe
2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe
2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe
2124	Unicorn-9360.exe
2124	Unicorn-9360.exe
1124	Unicorn-34253.exe
1124	Unicorn-34253.exe
2296	Unicorn-52623.exe
2296	Unicorn-52623.exe
716	Unicorn-22425.exe
716	Unicorn-22425.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2872	2180	WerFault.exe	30
1772	2940	WerFault.exe	36

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29044.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61270.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe
2696	Unicorn-4661.exe
716	Unicorn-22425.exe
2180	Unicorn-63244.exe
2876	Unicorn-10831.exe
2944	Unicorn-48335.exe
2784	Unicorn-57986.exe
2940	Unicorn-28655.exe
1124	Unicorn-34253.exe
1964	Unicorn-54119.exe
2700	Unicorn-8929.exe
2096	Unicorn-9194.exe
1752	Unicorn-18331.exe
2124	Unicorn-9360.exe
2296	Unicorn-52623.exe
1672	Unicorn-37565.exe
2508	Unicorn-46480.exe
3000	Unicorn-808.exe
1004	Unicorn-50009.exe
2868	Unicorn-21975.exe
944	Unicorn-41271.exe
2340	Unicorn-61996.exe
884	Unicorn-62261.exe
2344	Unicorn-14835.exe
896	Unicorn-48255.exe
2132	Unicorn-34872.exe
2120	Unicorn-35759.exe
2064	Unicorn-59651.exe
2972	Unicorn-39231.exe
2832	Unicorn-19365.exe
2744	Unicorn-39231.exe
2640	Unicorn-31041.exe
2000	Unicorn-47015.exe
2072	Unicorn-14150.exe
2116	Unicorn-44969.exe
2140	Unicorn-8020.exe
2676	Unicorn-42739.exe
2712	Unicorn-25633.exe
900	Unicorn-17664.exe
2968	Unicorn-10642.exe
904	Unicorn-42739.exe
2724	Unicorn-22873.exe
2284	Unicorn-56527.exe
1040	Unicorn-36661.exe
2256	Unicorn-42229.exe
2988	Unicorn-16263.exe
1128	Unicorn-56719.exe
1908	Unicorn-16516.exe
360	Unicorn-3709.exe
928	Unicorn-21507.exe
2372	Unicorn-6647.exe
1276	Unicorn-60694.exe
1776	Unicorn-17284.exe
1096	Unicorn-37128.exe
2704	Unicorn-40658.exe
2304	Unicorn-40658.exe
2732	Unicorn-45489.exe
2840	Unicorn-61270.exe
3048	Unicorn-65089.exe
2244	Unicorn-63500.exe
1812	Unicorn-44785.exe
2320	Unicorn-35680.exe
2160	Unicorn-12079.exe
1996	Unicorn-4176.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2696	2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe	29
PID 2528 wrote to memory of 2696	2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe	29
PID 2528 wrote to memory of 2696	2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe	29
PID 2528 wrote to memory of 2696	2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe	29
PID 2528 wrote to memory of 2180	2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe	30
PID 2528 wrote to memory of 2180	2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe	30
PID 2528 wrote to memory of 2180	2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe	30
PID 2528 wrote to memory of 2180	2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe	30
PID 2696 wrote to memory of 716	2696	Unicorn-4661.exe	31
PID 2696 wrote to memory of 716	2696	Unicorn-4661.exe	31
PID 2696 wrote to memory of 716	2696	Unicorn-4661.exe	31
PID 2696 wrote to memory of 716	2696	Unicorn-4661.exe	31
PID 716 wrote to memory of 2876	716	Unicorn-22425.exe	32
PID 716 wrote to memory of 2876	716	Unicorn-22425.exe	32
PID 716 wrote to memory of 2876	716	Unicorn-22425.exe	32
PID 716 wrote to memory of 2876	716	Unicorn-22425.exe	32
PID 2696 wrote to memory of 2944	2696	Unicorn-4661.exe	33
PID 2696 wrote to memory of 2944	2696	Unicorn-4661.exe	33
PID 2696 wrote to memory of 2944	2696	Unicorn-4661.exe	33
PID 2696 wrote to memory of 2944	2696	Unicorn-4661.exe	33
PID 2180 wrote to memory of 2872	2180	Unicorn-63244.exe	34
PID 2180 wrote to memory of 2872	2180	Unicorn-63244.exe	34
PID 2180 wrote to memory of 2872	2180	Unicorn-63244.exe	34
PID 2180 wrote to memory of 2872	2180	Unicorn-63244.exe	34
PID 2528 wrote to memory of 2784	2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe	35
PID 2528 wrote to memory of 2784	2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe	35
PID 2528 wrote to memory of 2784	2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe	35
PID 2528 wrote to memory of 2784	2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe	35
PID 2876 wrote to memory of 2940	2876	Unicorn-10831.exe	36
PID 2876 wrote to memory of 2940	2876	Unicorn-10831.exe	36
PID 2876 wrote to memory of 2940	2876	Unicorn-10831.exe	36
PID 2876 wrote to memory of 2940	2876	Unicorn-10831.exe	36
PID 2940 wrote to memory of 1772	2940	Unicorn-28655.exe	37
PID 2940 wrote to memory of 1772	2940	Unicorn-28655.exe	37
PID 2940 wrote to memory of 1772	2940	Unicorn-28655.exe	37
PID 2940 wrote to memory of 1772	2940	Unicorn-28655.exe	37
PID 716 wrote to memory of 1124	716	Unicorn-22425.exe	38
PID 716 wrote to memory of 1124	716	Unicorn-22425.exe	38
PID 716 wrote to memory of 1124	716	Unicorn-22425.exe	38
PID 716 wrote to memory of 1124	716	Unicorn-22425.exe	38
PID 2944 wrote to memory of 1964	2944	Unicorn-48335.exe	39
PID 2944 wrote to memory of 1964	2944	Unicorn-48335.exe	39
PID 2944 wrote to memory of 1964	2944	Unicorn-48335.exe	39
PID 2944 wrote to memory of 1964	2944	Unicorn-48335.exe	39
PID 2696 wrote to memory of 1752	2696	Unicorn-4661.exe	40
PID 2696 wrote to memory of 1752	2696	Unicorn-4661.exe	40
PID 2696 wrote to memory of 1752	2696	Unicorn-4661.exe	40
PID 2696 wrote to memory of 1752	2696	Unicorn-4661.exe	40
PID 2528 wrote to memory of 2700	2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe	42
PID 2528 wrote to memory of 2700	2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe	42
PID 2528 wrote to memory of 2700	2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe	42
PID 2528 wrote to memory of 2700	2528	a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe	42
PID 2784 wrote to memory of 2096	2784	Unicorn-57986.exe	41
PID 2784 wrote to memory of 2096	2784	Unicorn-57986.exe	41
PID 2784 wrote to memory of 2096	2784	Unicorn-57986.exe	41
PID 2784 wrote to memory of 2096	2784	Unicorn-57986.exe	41
PID 1124 wrote to memory of 2124	1124	Unicorn-34253.exe	43
PID 1124 wrote to memory of 2124	1124	Unicorn-34253.exe	43
PID 1124 wrote to memory of 2124	1124	Unicorn-34253.exe	43
PID 1124 wrote to memory of 2124	1124	Unicorn-34253.exe	43
PID 716 wrote to memory of 2296	716	Unicorn-22425.exe	44
PID 716 wrote to memory of 2296	716	Unicorn-22425.exe	44
PID 716 wrote to memory of 2296	716	Unicorn-22425.exe	44
PID 716 wrote to memory of 2296	716	Unicorn-22425.exe	44

C:\Users\Admin\AppData\Local\Temp\a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe
"C:\Users\Admin\AppData\Local\Temp\a874fa07ce89b972b31609d0a7343962a3d1225009693bbcb5450da26bb11094N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22425.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10831.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 188
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        6⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1634.exe
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
        7⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        6⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
        5⤵
        
        PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        5⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        5⤵
        
        PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14835.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16263.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
        8⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39050.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        9⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40273.exe
        8⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        8⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        8⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        8⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2229.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
        7⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29133.exe
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
        9⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        9⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16857.exe
        8⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        7⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57194.exe
        7⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14934.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        6⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34390.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        7⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43314.exe
        6⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        6⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48255.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        7⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        8⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        8⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        7⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48645.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        6⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        7⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
        7⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        7⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe
        7⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
        6⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42229.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3792.exe
        6⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe
        7⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11955.exe
        6⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        6⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
        6⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
        6⤵
        
        PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24908.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
        6⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        6⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
        6⤵
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64115.exe
        5⤵
        
        PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28258.exe
        5⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        5⤵
        
        PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
        7⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        8⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        8⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2457.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48645.exe
        7⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        7⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        6⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        7⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        6⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16516.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5676.exe
        6⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        8⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27019.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        7⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        7⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        7⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32885.exe
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
        6⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
        5⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        6⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61970.exe
        7⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
        6⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        5⤵
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65053.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        5⤵
        
        PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35759.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3709.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9651.exe
        6⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19184.exe
        7⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34611.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        7⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63319.exe
        6⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        6⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        6⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1353.exe
        5⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        6⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        6⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49413.exe
        5⤵
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6647.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        5⤵
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        6⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        6⤵
        
        PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        5⤵
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        5⤵
        
        PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
      4⤵
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30175.exe
        5⤵
        
        PID:7080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
      4⤵
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
      4⤵
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51552.exe
      4⤵
      PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53721.exe
      4⤵
      PID:5868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        9⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        9⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38820.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2614.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11715.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59864.exe
        7⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        7⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
        6⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        7⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        7⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23070.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
        6⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
        6⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        6⤵
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24514.exe
        6⤵
        Executes dropped EXE
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61717.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        7⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        6⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
        6⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        6⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        6⤵
        
        PID:504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        6⤵
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62082.exe
        5⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
        5⤵
        
        PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46480.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
        6⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        7⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        8⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        8⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27019.exe
        7⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        7⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
        6⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        7⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        7⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15780.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
        6⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        5⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        6⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        6⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        5⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38401.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        5⤵
        
        PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44969.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe
        5⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        6⤵
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        6⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        6⤵
        
        PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        5⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        6⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        6⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        5⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
        5⤵
        
        PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51919.exe
        5⤵
        
        PID:272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        6⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        6⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
        5⤵
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
        5⤵
        
        PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
      4⤵
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        5⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55960.exe
        6⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51155.exe
        6⤵
        
        PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        5⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        5⤵
        
        PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
      4⤵
      PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
      4⤵
      PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18979.exe
      4⤵
      PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49521.exe
      4⤵
      PID:6496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        8⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        8⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        8⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55889.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55883.exe
        7⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23070.exe
        7⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
        6⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
        6⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        7⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        7⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24219.exe
        6⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        6⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
        5⤵
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        6⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        6⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        6⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21114.exe
        5⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
        5⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        5⤵
        
        PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21507.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        5⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
        5⤵
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15780.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        5⤵
        
        PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58395.exe
      4⤵
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
        5⤵
        
        PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
      4⤵
      PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
      4⤵
      PID:6488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61996.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-860.exe
        5⤵
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
        6⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        6⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40273.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        5⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        5⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        5⤵
        
        PID:6644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
      4⤵
      PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
      4⤵
      PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56892.exe
      4⤵
      PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
      4⤵
      PID:6068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18396.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        6⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        6⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63517.exe
        5⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        5⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
      4⤵
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20876.exe
        5⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        5⤵
        
        PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
      4⤵
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
      4⤵
      PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
      4⤵
      PID:5512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
    3⤵
    PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31883.exe
      4⤵
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7868.exe
        5⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        5⤵
        
        PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
      4⤵
      PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
      4⤵
      PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
      4⤵
      PID:6532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31267.exe
    3⤵
    PID:1824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53721.exe
    3⤵
    PID:5860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2180
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        7⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63319.exe
        7⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2152.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44497.exe
        6⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        7⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        7⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
        7⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59864.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
        6⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        6⤵
        
        PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45489.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
        6⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
        6⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        6⤵
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50362.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        5⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        5⤵
        
        PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19365.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
        5⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
        6⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        7⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15780.exe
        6⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        6⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
        5⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        6⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7868.exe
        6⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        6⤵
        
        PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        5⤵
        
        PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
      4⤵
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29823.exe
        5⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
        6⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33128.exe
        6⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        5⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23070.exe
        5⤵
        
        PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
      4⤵
      PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21975.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        5⤵
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        7⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7868.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        7⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27019.exe
        6⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        6⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe
        5⤵
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15780.exe
        5⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        5⤵
        
        PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22458.exe
      4⤵
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        5⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        5⤵
        
        PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54009.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59864.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
      4⤵
      PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
      4⤵
      PID:6096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8020.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47259.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        6⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        6⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        6⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        5⤵
        
        PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18700.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
        5⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        5⤵
        
        PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
      4⤵
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21919.exe
        5⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        5⤵
        
        PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
      4⤵
      PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
      4⤵
      PID:1732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65089.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53336.exe
      4⤵
      PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        5⤵
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        5⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe
      4⤵
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
      4⤵
      PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
    3⤵
    PID:1540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
    3⤵
    PID:4008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32342.exe
    3⤵
    PID:5224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
    3⤵
    PID:5984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8929.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8929.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10642.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20321.exe
        5⤵
        Executes dropped EXE
        
        PID:340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49657.exe
        6⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        6⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32535.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7612.exe
        5⤵
        
        PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        5⤵
        
        PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
      4⤵
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        5⤵
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        5⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        5⤵
        
        PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
      4⤵
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        5⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        5⤵
        
        PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
      4⤵
      PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
      4⤵
      PID:6388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22873.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        5⤵
        
        PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        5⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        6⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        5⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        5⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        5⤵
        
        PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45204.exe
      4⤵
      PID:700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18700.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
      4⤵
      PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63413.exe
      4⤵
      PID:1240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29496.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
      4⤵
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
      4⤵
      PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
      4⤵
      PID:6504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
    3⤵
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
      4⤵
      PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
      4⤵
      PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
      4⤵
      PID:6588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49756.exe
    3⤵
    PID:3900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
    3⤵
    PID:3372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
    3⤵
    PID:5784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
    3⤵
    PID:6692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14150.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
      4⤵
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
        5⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        6⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20876.exe
        6⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe
        6⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55889.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
        5⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        5⤵
        
        PID:5864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
      4⤵
      PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        5⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        5⤵
        
        PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
      4⤵
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12276.exe
      4⤵
      PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
      4⤵
      PID:5172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
    3⤵
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
      4⤵
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        5⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        5⤵
        
        PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
      4⤵
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe
      4⤵
      PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
      4⤵
      PID:6332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
    3⤵
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
      4⤵
      PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
      4⤵
      PID:6636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
    3⤵
    PID:3596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16051.exe
    3⤵
    PID:4952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
    3⤵
    PID:6116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25633.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25633.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4093.exe
    3⤵
    - Executes dropped EXE
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9418.exe
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
      4⤵
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
      4⤵
      PID:6188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
    3⤵
    PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48872.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
    3⤵
    PID:5192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe
    3⤵
    PID:2488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
    3⤵
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
      4⤵
      PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
      4⤵
      PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
      4⤵
      PID:6620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45914.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
    3⤵
    PID:5760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
    3⤵
    PID:6548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56985.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56985.exe
  2⤵
  PID:572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
  2⤵
  PID:4020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17844.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17844.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17818.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17818.exe
  2⤵
  PID:6768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11715.exe

Filesize
468KB

MD5
20bc985e1b90330037cf72475e911647

SHA1
18fb35d41e58000d22909d41c88777e185f60562

SHA256
755ca4d366ce17274b1e21a7f7132ec0b04c59806ee5b5b9634a7b19b43ccba4

SHA512
7156ff3256c81c3f383f154735fb3a2f1316669dd524199175c974ff58705b2a3ea8eaf886dd5b3a8fb3cc32c4a750a2e140c4a08c5a66384f5e24a541a2a127

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22425.exe

Filesize
468KB

MD5
a41d4c396b3dfc0c255dd61af8cad60b

SHA1
2ea81c6854aad97e4aaa5db1387d34503c6aefeb

SHA256
48e5695e0f606073b8ef3fbbb490971dc7e79c5c84051abe705ff80fd62d9c86

SHA512
ec972f66eb825e7976a982fb2338e589c3be6c724d433e57ce4d8f07ac4b93d2e54d9e2b1d1157228af4224485143e9b201fb35c14d5ce90528e2966039596f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe

Filesize
468KB

MD5
81038af4b793b981f1b55de3a8525db2

SHA1
0a2ecb642a5f1ee32523f2fb8ba8025aee785e76

SHA256
dd084c458f8291489ebc8b95bc60d553dd3e0758b7db170b77afab24183eddc4

SHA512
4546c3d0a872e86f446350e591a996cf47c0f553d118ac94e4446421e47a87017f8d1620421dd3735184c12812f4d175ce9958a82cb65b71d9f8f494b5b166db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe

Filesize
468KB

MD5
3dc229166fa1e92defb757a9316a50ef

SHA1
31b9503fae8784a5917f85435f80f5bb71fae64c

SHA256
87f4bc894d4c8d91be8a9481ca2a12d6cedaae09306184762c1d729aa4e98176

SHA512
5d39ba6f481b8455f30205bb5268368705d98517f76ef91e74e79e75c59e61f604bcc4e11d0f4f24cf749c5fb89dad2d99c3045095621c765323d300acc5e465

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10831.exe

Filesize
468KB

MD5
d07fcc0f074e54c4428e3b64328ac61f

SHA1
53b80691e54d6a71964714b9d5e70d97a037eeb6

SHA256
9f26f722d85fbf8569d16591e69540f5a22d6aaf6658c098fddf17c4e9af1f9b

SHA512
8c5ee1ac4ff92be446992a2487115932b37c94dd30b9e34222eac67a643d8394f00335a0d6c22c42f3874df47a3eeab59ebe323823116f241854d9518cf311ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe

Filesize
468KB

MD5
9874129fc6d9cd023c3a9e99ed746eca

SHA1
ba7c20fa8ab9a8f0cc651b045a0cc856f0a1c840

SHA256
94a5932490505df1afeacb8d148f59ecf48c784fbb31d3a3252885e271f8639b

SHA512
aa5c04406ae389d94600c67efc8b7596d05d85a871ac8021152a72de5f96f2edb32d026327413ab39ed4cbe7f8b13b6be26ca4cd889b32d68c3a9b852504cec1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe

Filesize
468KB

MD5
da216e2c3410598bac4ab3ea631d2d55

SHA1
00279da97124bc37e17d1c84c51570daf7773f88

SHA256
778169eeabb394d7a9398a834eaab614e6e091fa177ed61006e49b87c0226148

SHA512
4213a43366bb746cbb73105e3f4e25c68360b0b89e5c9c51c726bae4856fd6a73f0c2add01985feaf789f5ce31ffdcfa4e7a7a7517aae866ca00541ec40e2010

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe

Filesize
468KB

MD5
6549e320a8d7c3ec169b7df104f71b42

SHA1
99949694bb8eb30b1e5a3e23a8ea3636920cb999

SHA256
8212c7be352b8597793e64e197ac42fbd67b598469531ab0dfea28bbe2b4cf78

SHA512
8a79d200d275b056c5461668006b5cd5a558fa97da3b0442317c91a7b61b1c3227aed952b20ec64ed0138de7df20bfc1b68a2f91ea5cee6c125fe9fd6053674d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe

Filesize
468KB

MD5
1f1cfcef6e98202c36d206510bbb50be

SHA1
4d954d64a823cf582c0849930adf57a43ae4653b

SHA256
633a549b2a5e64ac60e1f980c94ddd8d2351d6b1e87e5280ad7b6cd50ec0bc42

SHA512
e1e78b9b51d3808dc8a2489123bf25fab4bc335b37e70a7dadfdf1e67b04549a50ab5da8bcf9f3337c4ab08b6fff7881a04fd7abdd2870e0d7c42991a97bdb58

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe

Filesize
468KB

MD5
8a63d064839480370985d5e725e5002c

SHA1
9d3704696c3d3ef7ed99351d0d9102f0ff80c820

SHA256
6ca24d500bf354d8aabab3f5a908379d16dc6078747077938f637f901e085dd2

SHA512
4302e94760d4440b2d6dd1ab849630bc74c39de667ca000677b8135583062a5efb5d84714bd78be5445ebfe645722b46256f765182b93e5003e7da87a75a1178

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe

Filesize
468KB

MD5
31bd9eb9a5eff8bcea9e98270eb8f062

SHA1
084ec6da8e5bb53f879d6383c85e6ff953ce2e25

SHA256
865a9af1cf6ac03bc5d3ad2adf18dec13787a840a4ede77751ef9e4e8c763312

SHA512
fe8513982c65bceb504487db53ad073052fda1206ec4f996c5b00435342630d8b0fdab465956613ab56e4ea81169cc0d5d50090e817acf0e2fc46288630b1b7d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe

Filesize
468KB

MD5
661d3a53a5a641806bb2d2543914df41

SHA1
e53c08ec4eb721f2e28f8afb9833af3706c6fc33

SHA256
1d1da9b7b06299c1d32777def2bd07ddf0dba70b92bf3dee4510bfa650ed6fc9

SHA512
aa8efba2cfc8d9b59630ce936ce892e0bec46adb316a934c4f900f24ae2478901461161fe9715dbe418e1c22ab9b52706252c5889a043fdf811881a8b754a448

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe

Filesize
468KB

MD5
cffb59b9d6fd00bd26ec7ecd4ce3ed16

SHA1
292789352519c1f159a88d62fa2f06028c2334e6

SHA256
683e5c984a9aab9bdbdc9554dfec7020670165d5115da420f77f9eb1fe23c2b5

SHA512
9c9e29e6f3f5ccc71de51c0d82ffc41ca8bc51aab5bcf7428c7685c7bfbb7eb330e477d2a9eb1d1e4a7e5a28c1498de2ec5710e3cca57e42b3451a5b3f905988

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8929.exe

Filesize
468KB

MD5
cc08c9424075af9775ae34c35a8f1900

SHA1
4bd79cca39e8631fb300c2685b4d2265d7466656

SHA256
173259a16c706a4da1e0f425973f8d414f891e7762fbbefe2923d7f728c19152

SHA512
c8f7677abe2e8223651986f0b58f97bd2e54662e578806e0fe353f9934cc9ea3f8807c02c0e956576d8d21802a232a8eb441635a39245783fb45212912491d5c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe

Filesize
468KB

MD5
59657ac24afcefba669e20e03a79554a

SHA1
502f0e0bb74605dab66ca4cb445bf6d65936da95

SHA256
bc3d98f45eaa89b664916f91fe810b9c3af0177b0d2a1816aa63541846c49c32

SHA512
6c33d744ed307465c549f310ce261678bd25628c922aff5806074b51dcab1e1b8580c6aa21d7725080cb97eef1b62c0d9c92de6ac8eee11ccc498317ffd061cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe

Filesize
468KB

MD5
934a0fd64e3304695dc2562605a22cc9

SHA1
378c5a1e864fe9c8ee11763155fafb865aac96ac

SHA256
94ecc2454923195ef0ba85ee9fa0eb7c25fd8dff69d5ed81301b996991866efc

SHA512
f717b2d30ea9f04a98480502caab111d09318822e1eb17289bee27e4d65c2053492779ca78e20e7fc0631bd7b9946ed8cfeefd3b04aa6253c44f40fead7916ca

Download Submit
memory/716-109-0x0000000001E40000-0x0000000001EB5000-memory.dmp

Filesize
468KB

Download
memory/716-305-0x0000000001E40000-0x0000000001EB5000-memory.dmp

Filesize
468KB

Download
memory/716-48-0x0000000001E40000-0x0000000001EB5000-memory.dmp

Filesize
468KB

Download
memory/716-306-0x0000000001E40000-0x0000000001EB5000-memory.dmp

Filesize
468KB

Download
memory/716-379-0x0000000001E40000-0x0000000001EB5000-memory.dmp

Filesize
468KB

Download
memory/716-181-0x0000000001E40000-0x0000000001EB5000-memory.dmp

Filesize
468KB

Download
memory/716-182-0x0000000001E40000-0x0000000001EB5000-memory.dmp

Filesize
468KB

Download
memory/716-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/716-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/884-316-0x0000000002950000-0x00000000029C5000-memory.dmp

Filesize
468KB

Download
memory/884-229-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/884-315-0x0000000002950000-0x00000000029C5000-memory.dmp

Filesize
468KB

Download
memory/896-288-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/944-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/944-384-0x0000000002910000-0x0000000002985000-memory.dmp

Filesize
468KB

Download
memory/1004-342-0x00000000031D0000-0x0000000003245000-memory.dmp

Filesize
468KB

Download
memory/1004-250-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1124-287-0x00000000033B0000-0x0000000003425000-memory.dmp

Filesize
468KB

Download
memory/1124-110-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1124-170-0x00000000033B0000-0x0000000003425000-memory.dmp

Filesize
468KB

Download
memory/1124-169-0x00000000033B0000-0x0000000003425000-memory.dmp

Filesize
468KB

Download
memory/1124-286-0x00000000033B0000-0x0000000003425000-memory.dmp

Filesize
468KB

Download
memory/1672-330-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1672-198-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1752-134-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1752-230-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/1752-232-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/1964-348-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/1964-197-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/1964-196-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/1964-120-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1964-349-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/2064-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2072-399-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2096-215-0x00000000024E0000-0x0000000002555000-memory.dmp

Filesize
468KB

Download
memory/2096-151-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2096-222-0x00000000024E0000-0x0000000002555000-memory.dmp

Filesize
468KB

Download
memory/2096-328-0x00000000024E0000-0x0000000002555000-memory.dmp

Filesize
468KB

Download
memory/2120-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2124-277-0x0000000003410000-0x0000000003485000-memory.dmp

Filesize
468KB

Download
memory/2132-297-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2140-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2180-37-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2180-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2296-295-0x00000000023B0000-0x0000000002425000-memory.dmp

Filesize
468KB

Download
memory/2296-296-0x00000000023B0000-0x0000000002425000-memory.dmp

Filesize
468KB

Download
memory/2296-184-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2340-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2344-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2508-210-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2528-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2528-148-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/2528-6-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/2528-257-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/2528-354-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/2528-412-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/2528-258-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/2528-31-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/2528-363-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/2528-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2528-401-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/2640-350-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2676-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2696-133-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2696-223-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2696-38-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2696-214-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2696-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2696-32-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2700-153-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2700-238-0x0000000002410000-0x0000000002485000-memory.dmp

Filesize
468KB

Download
memory/2700-362-0x0000000002410000-0x0000000002485000-memory.dmp

Filesize
468KB

Download
memory/2700-249-0x0000000002410000-0x0000000002485000-memory.dmp

Filesize
468KB

Download
memory/2724-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2784-68-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2784-149-0x0000000001CC0000-0x0000000001D35000-memory.dmp

Filesize
468KB

Download
memory/2784-247-0x0000000001CC0000-0x0000000001D35000-memory.dmp

Filesize
468KB

Download
memory/2784-137-0x0000000001CC0000-0x0000000001D35000-memory.dmp

Filesize
468KB

Download
memory/2784-240-0x0000000001CC0000-0x0000000001D35000-memory.dmp

Filesize
468KB

Download
memory/2784-378-0x0000000001CC0000-0x0000000001D35000-memory.dmp

Filesize
468KB

Download
memory/2832-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2868-365-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2868-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2868-364-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2876-51-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2876-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2876-90-0x00000000023F0000-0x0000000002465000-memory.dmp

Filesize
468KB

Download
memory/2944-209-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/2944-60-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2944-211-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/2944-411-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/2944-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2968-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2972-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3000-332-0x00000000028C0000-0x0000000002935000-memory.dmp

Filesize
468KB

Download
memory/3000-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download