6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0

Analysis

max time kernel
118s
max time network
21s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 02:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe
Size

468KB
MD5

f777458687600ab2835c549391722850
SHA1

0f16944edf19ac515fc83d65a4215ee8b42304ff
SHA256

6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0
SHA512

b3099be6a231f6c0b28e6935ae284667b38bfaac15fe4e0a0cc7a4fbe904df7ec70b4ec041be77f372cac1ae548fa1021a8f4ec6ec207db1be46de64f30f28bf
SSDEEP

3072:PbO3ogpdIW5dtbfjPhzjff8wgYbMPIpCnmHexVhWiY5Ln8N6l8lG:PbuohSdt3P5jffq0oAiYV8N6l

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2696	Unicorn-36805.exe
2688	Unicorn-41433.exe
2796	Unicorn-45840.exe
2044	Unicorn-56079.exe
3032	Unicorn-40070.exe
2556	Unicorn-33939.exe
2976	Unicorn-20204.exe
2264	Unicorn-8900.exe
2360	Unicorn-33466.exe
2164	Unicorn-36403.exe
356	Unicorn-42533.exe
2276	Unicorn-9476.exe
2612	Unicorn-7364.exe
1664	Unicorn-7099.exe
2868	Unicorn-53036.exe
2920	Unicorn-34433.exe
2392	Unicorn-52424.exe
1004	Unicorn-39809.exe
1408	Unicorn-31374.exe
1976	Unicorn-22430.exe
1824	Unicorn-3462.exe
1604	Unicorn-62869.exe
1764	Unicorn-29249.exe
1388	Unicorn-46846.exe
1132	Unicorn-18564.exe
620	Unicorn-28263.exe
1732	Unicorn-8397.exe
2444	Unicorn-27998.exe
2256	Unicorn-61319.exe
2884	Unicorn-58117.exe
1012	Unicorn-25636.exe
2072	Unicorn-55567.exe
2100	Unicorn-58893.exe
2196	Unicorn-57871.exe
2816	Unicorn-55837.exe
2764	Unicorn-43485.exe
2824	Unicorn-2147.exe
2384	Unicorn-43834.exe
2588	Unicorn-38280.exe
2684	Unicorn-58115.exe
2564	Unicorn-47649.exe
1448	Unicorn-36713.exe
2548	Unicorn-56579.exe
2252	Unicorn-27689.exe
328	Unicorn-32672.exe
1500	Unicorn-32672.exe
1536	Unicorn-40454.exe
2348	Unicorn-33143.exe
1736	Unicorn-53009.exe
264	Unicorn-46879.exe
2532	Unicorn-53009.exe
2732	Unicorn-2687.exe
1936	Unicorn-62094.exe
2524	Unicorn-48551.exe
552	Unicorn-37943.exe
2228	Unicorn-57809.exe
2296	Unicorn-55313.exe
1112	Unicorn-40549.exe
964	Unicorn-8260.exe
1616	Unicorn-627.exe
1344	Unicorn-35883.exe
564	Unicorn-4684.exe
696	Unicorn-4684.exe
1852	Unicorn-4684.exe

Loads dropped DLL 64 IoCs

pid	Process
3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe
3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe
3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe
2696	Unicorn-36805.exe
3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe
2696	Unicorn-36805.exe
2688	Unicorn-41433.exe
2688	Unicorn-41433.exe
3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe
3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe
2796	Unicorn-45840.exe
2696	Unicorn-36805.exe
2796	Unicorn-45840.exe
2696	Unicorn-36805.exe
3032	Unicorn-40070.exe
3032	Unicorn-40070.exe
2796	Unicorn-45840.exe
2796	Unicorn-45840.exe
2696	Unicorn-36805.exe
2696	Unicorn-36805.exe
2044	Unicorn-56079.exe
2976	Unicorn-20204.exe
2044	Unicorn-56079.exe
2976	Unicorn-20204.exe
2556	Unicorn-33939.exe
2556	Unicorn-33939.exe
2688	Unicorn-41433.exe
3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe
3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe
2688	Unicorn-41433.exe
2264	Unicorn-8900.exe
2264	Unicorn-8900.exe
3032	Unicorn-40070.exe
3032	Unicorn-40070.exe
2360	Unicorn-33466.exe
2360	Unicorn-33466.exe
2796	Unicorn-45840.exe
2796	Unicorn-45840.exe
2868	Unicorn-53036.exe
2868	Unicorn-53036.exe
2688	Unicorn-41433.exe
2688	Unicorn-41433.exe
1664	Unicorn-7099.exe
1664	Unicorn-7099.exe
2164	Unicorn-36403.exe
2164	Unicorn-36403.exe
356	Unicorn-42533.exe
356	Unicorn-42533.exe
3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe
3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe
2696	Unicorn-36805.exe
2044	Unicorn-56079.exe
2612	Unicorn-7364.exe
2612	Unicorn-7364.exe
2696	Unicorn-36805.exe
2044	Unicorn-56079.exe
2276	Unicorn-9476.exe
2276	Unicorn-9476.exe
2556	Unicorn-33939.exe
2556	Unicorn-33939.exe
2976	Unicorn-20204.exe
2976	Unicorn-20204.exe
2920	Unicorn-34433.exe
2920	Unicorn-34433.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1236	1536	WerFault.exe	77

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53064.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe
2696	Unicorn-36805.exe
2688	Unicorn-41433.exe
2796	Unicorn-45840.exe
2044	Unicorn-56079.exe
3032	Unicorn-40070.exe
2976	Unicorn-20204.exe
2556	Unicorn-33939.exe
2264	Unicorn-8900.exe
2360	Unicorn-33466.exe
2164	Unicorn-36403.exe
2276	Unicorn-9476.exe
2868	Unicorn-53036.exe
2612	Unicorn-7364.exe
356	Unicorn-42533.exe
1664	Unicorn-7099.exe
2920	Unicorn-34433.exe
2392	Unicorn-52424.exe
1004	Unicorn-39809.exe
1408	Unicorn-31374.exe
1824	Unicorn-3462.exe
1132	Unicorn-18564.exe
1976	Unicorn-22430.exe
1604	Unicorn-62869.exe
1764	Unicorn-29249.exe
1388	Unicorn-46846.exe
1732	Unicorn-8397.exe
620	Unicorn-28263.exe
2444	Unicorn-27998.exe
2256	Unicorn-61319.exe
2884	Unicorn-58117.exe
1012	Unicorn-25636.exe
2072	Unicorn-55567.exe
2100	Unicorn-58893.exe
2196	Unicorn-57871.exe
2816	Unicorn-55837.exe
2764	Unicorn-43485.exe
2824	Unicorn-2147.exe
2384	Unicorn-43834.exe
2588	Unicorn-38280.exe
2684	Unicorn-58115.exe
2252	Unicorn-27689.exe
1448	Unicorn-36713.exe
2548	Unicorn-56579.exe
328	Unicorn-32672.exe
1500	Unicorn-32672.exe
2564	Unicorn-47649.exe
1536	Unicorn-40454.exe
2532	Unicorn-53009.exe
1736	Unicorn-53009.exe
264	Unicorn-46879.exe
2348	Unicorn-33143.exe
2732	Unicorn-2687.exe
1936	Unicorn-62094.exe
2524	Unicorn-48551.exe
552	Unicorn-37943.exe
2228	Unicorn-57809.exe
2296	Unicorn-55313.exe
964	Unicorn-8260.exe
1112	Unicorn-40549.exe
1616	Unicorn-627.exe
2180	Unicorn-56486.exe
340	Unicorn-10814.exe
1924	Unicorn-10814.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 2696	3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe	31
PID 3052 wrote to memory of 2696	3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe	31
PID 3052 wrote to memory of 2696	3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe	31
PID 3052 wrote to memory of 2696	3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe	31
PID 2696 wrote to memory of 2796	2696	Unicorn-36805.exe	33
PID 2696 wrote to memory of 2796	2696	Unicorn-36805.exe	33
PID 2696 wrote to memory of 2796	2696	Unicorn-36805.exe	33
PID 2696 wrote to memory of 2796	2696	Unicorn-36805.exe	33
PID 3052 wrote to memory of 2688	3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe	32
PID 3052 wrote to memory of 2688	3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe	32
PID 3052 wrote to memory of 2688	3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe	32
PID 3052 wrote to memory of 2688	3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe	32
PID 2688 wrote to memory of 2044	2688	Unicorn-41433.exe	34
PID 2688 wrote to memory of 2044	2688	Unicorn-41433.exe	34
PID 2688 wrote to memory of 2044	2688	Unicorn-41433.exe	34
PID 2688 wrote to memory of 2044	2688	Unicorn-41433.exe	34
PID 3052 wrote to memory of 2556	3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe	35
PID 3052 wrote to memory of 2556	3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe	35
PID 3052 wrote to memory of 2556	3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe	35
PID 3052 wrote to memory of 2556	3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe	35
PID 2796 wrote to memory of 3032	2796	Unicorn-45840.exe	36
PID 2796 wrote to memory of 3032	2796	Unicorn-45840.exe	36
PID 2796 wrote to memory of 3032	2796	Unicorn-45840.exe	36
PID 2796 wrote to memory of 3032	2796	Unicorn-45840.exe	36
PID 2696 wrote to memory of 2976	2696	Unicorn-36805.exe	37
PID 2696 wrote to memory of 2976	2696	Unicorn-36805.exe	37
PID 2696 wrote to memory of 2976	2696	Unicorn-36805.exe	37
PID 2696 wrote to memory of 2976	2696	Unicorn-36805.exe	37
PID 3032 wrote to memory of 2264	3032	Unicorn-40070.exe	38
PID 3032 wrote to memory of 2264	3032	Unicorn-40070.exe	38
PID 3032 wrote to memory of 2264	3032	Unicorn-40070.exe	38
PID 3032 wrote to memory of 2264	3032	Unicorn-40070.exe	38
PID 2796 wrote to memory of 2360	2796	Unicorn-45840.exe	39
PID 2796 wrote to memory of 2360	2796	Unicorn-45840.exe	39
PID 2796 wrote to memory of 2360	2796	Unicorn-45840.exe	39
PID 2796 wrote to memory of 2360	2796	Unicorn-45840.exe	39
PID 2696 wrote to memory of 2164	2696	Unicorn-36805.exe	40
PID 2696 wrote to memory of 2164	2696	Unicorn-36805.exe	40
PID 2696 wrote to memory of 2164	2696	Unicorn-36805.exe	40
PID 2696 wrote to memory of 2164	2696	Unicorn-36805.exe	40
PID 2044 wrote to memory of 356	2044	Unicorn-56079.exe	41
PID 2044 wrote to memory of 356	2044	Unicorn-56079.exe	41
PID 2044 wrote to memory of 356	2044	Unicorn-56079.exe	41
PID 2044 wrote to memory of 356	2044	Unicorn-56079.exe	41
PID 2976 wrote to memory of 2276	2976	Unicorn-20204.exe	42
PID 2976 wrote to memory of 2276	2976	Unicorn-20204.exe	42
PID 2976 wrote to memory of 2276	2976	Unicorn-20204.exe	42
PID 2976 wrote to memory of 2276	2976	Unicorn-20204.exe	42
PID 2556 wrote to memory of 2612	2556	Unicorn-33939.exe	43
PID 2556 wrote to memory of 2612	2556	Unicorn-33939.exe	43
PID 2556 wrote to memory of 2612	2556	Unicorn-33939.exe	43
PID 2556 wrote to memory of 2612	2556	Unicorn-33939.exe	43
PID 3052 wrote to memory of 1664	3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe	45
PID 3052 wrote to memory of 1664	3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe	45
PID 3052 wrote to memory of 1664	3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe	45
PID 3052 wrote to memory of 1664	3052	6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe	45
PID 2688 wrote to memory of 2868	2688	Unicorn-41433.exe	44
PID 2688 wrote to memory of 2868	2688	Unicorn-41433.exe	44
PID 2688 wrote to memory of 2868	2688	Unicorn-41433.exe	44
PID 2688 wrote to memory of 2868	2688	Unicorn-41433.exe	44
PID 2264 wrote to memory of 2920	2264	Unicorn-8900.exe	46
PID 2264 wrote to memory of 2920	2264	Unicorn-8900.exe	46
PID 2264 wrote to memory of 2920	2264	Unicorn-8900.exe	46
PID 2264 wrote to memory of 2920	2264	Unicorn-8900.exe	46

C:\Users\Admin\AppData\Local\Temp\6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe
"C:\Users\Admin\AppData\Local\Temp\6e2f268de5b8c8e8f71a4effdd905b19428b9bdbfdfabfe24728fca23adeeaa0N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36805.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36805.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40070.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8900.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34433.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-627.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe
        9⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19891.exe
        10⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
        10⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21390.exe
        10⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        10⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
        9⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-154.exe
        9⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        9⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57422.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        8⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
        8⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        8⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        7⤵
        Executes dropped EXE
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        8⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
        8⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        8⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        7⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50164.exe
        7⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        7⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        8⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        8⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        8⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
        8⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30475.exe
        7⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        8⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20583.exe
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26816.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12262.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5846.exe
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        7⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        6⤵
        Executes dropped EXE
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
        7⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
        7⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5108.exe
        7⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
        6⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33820.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        6⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        6⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25710.exe
        8⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
        8⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        7⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8411.exe
        7⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35374.exe
        7⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63594.exe
        7⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
        6⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        7⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
        9⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        8⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11028.exe
        7⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe
        7⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        6⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        6⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8411.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18160.exe
        6⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        6⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        6⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        7⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
        7⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
        7⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        6⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        6⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        6⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        6⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
        5⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52911.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60395.exe
        6⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23440.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53484.exe
        5⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        5⤵
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe
        5⤵
        
        PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        8⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        8⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        8⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60065.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        7⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49756.exe
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63594.exe
        7⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
        6⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
        7⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40955.exe
        6⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        6⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8411.exe
        6⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        6⤵
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15413.exe
        6⤵
        
        PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2147.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        6⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        7⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4723.exe
        8⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
        8⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        8⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        7⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        7⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        7⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
        7⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        6⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        6⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        6⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
        6⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe
        6⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        6⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        6⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
        6⤵
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42954.exe
        5⤵
        
        PID:324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33820.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        5⤵
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        5⤵
        
        PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31374.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55313.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
        6⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe
        6⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        6⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63659.exe
        6⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
        5⤵
        
        PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8260.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25610.exe
        5⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56459.exe
        6⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        6⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46593.exe
        6⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        5⤵
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        5⤵
        
        PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        5⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        5⤵
        
        PID:7160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
      4⤵
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11365.exe
        5⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
        5⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13863.exe
        5⤵
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64498.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
      4⤵
      PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53484.exe
      4⤵
      PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
      4⤵
      PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe
      4⤵
      PID:6804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20204.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9476.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53009.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        7⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38933.exe
        6⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2175.exe
        7⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21232.exe
        7⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        6⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        6⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
        6⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48551.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
        6⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34698.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        7⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        7⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
        6⤵
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        6⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        6⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27008.exe
        6⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23976.exe
        5⤵
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        6⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        6⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
        5⤵
        
        PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18185.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18885.exe
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35374.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        5⤵
        
        PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25636.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53009.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        6⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        6⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56039.exe
        6⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39114.exe
        6⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        5⤵
        
        PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58829.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
        5⤵
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46393.exe
        5⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52185.exe
        5⤵
        
        PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42954.exe
      4⤵
      PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
      4⤵
      PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
      4⤵
      PID:6528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27689.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        5⤵
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
        6⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
        6⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19067.exe
        6⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6860.exe
        6⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        5⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64632.exe
        5⤵
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56039.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53193.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
      4⤵
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27116.exe
        5⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        5⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21072.exe
        5⤵
        
        PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
      4⤵
      PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6375.exe
      4⤵
      PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41928.exe
      4⤵
      PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
      4⤵
      PID:6812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27998.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        5⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
        6⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        6⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
        6⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        5⤵
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56039.exe
        5⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
        5⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
        5⤵
        
        PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
      4⤵
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        5⤵
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11063.exe
        5⤵
        
        PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37089.exe
      4⤵
      PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
      4⤵
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
      4⤵
      PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
      4⤵
      PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
      4⤵
      PID:6188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
      4⤵
      PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
      4⤵
      PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
      4⤵
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
      4⤵
      PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
      4⤵
      PID:6976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
    3⤵
    PID:2800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63130.exe
    3⤵
    PID:4092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59147.exe
    3⤵
    PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
    3⤵
    PID:5368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe
    3⤵
    PID:5828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
        6⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        7⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        7⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
        7⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        6⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
        6⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        6⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        5⤵
        Executes dropped EXE
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
        6⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe
        7⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        7⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
        6⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26971.exe
        5⤵
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33628.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        5⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        5⤵
        
        PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8397.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        6⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        7⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        7⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26296.exe
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe
        7⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        6⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46393.exe
        6⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52185.exe
        6⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        6⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        6⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        6⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60065.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        5⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
        6⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20942.exe
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
        5⤵
        
        PID:7028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38280.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        5⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        6⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        7⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        7⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        6⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        6⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        6⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        5⤵
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        5⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        5⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        5⤵
        
        PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
      4⤵
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        5⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        5⤵
        
        PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
      4⤵
      PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46064.exe
      4⤵
      PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
      4⤵
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
      4⤵
      PID:5468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        6⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45032.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        7⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6057.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        7⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4561.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17550.exe
        6⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
        6⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
        6⤵
        
        PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        5⤵
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        5⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        5⤵
        
        PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53309.exe
        5⤵
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
        5⤵
        
        PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
      4⤵
      PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39596.exe
      4⤵
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35420.exe
      4⤵
      PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
      4⤵
      PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
      4⤵
      PID:5140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57809.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27434.exe
        5⤵
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        5⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50434.exe
        5⤵
        
        PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
      4⤵
      PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
      4⤵
      PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
      4⤵
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
      4⤵
      PID:6012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4007.exe
      4⤵
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
      4⤵
      PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
      4⤵
      PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33412.exe
      4⤵
      PID:6492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
    3⤵
    PID:1692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46064.exe
    3⤵
    PID:4072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
    3⤵
    PID:4708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
    3⤵
    PID:4572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61523.exe
    3⤵
    PID:5472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7364.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        6⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        6⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        5⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        5⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5786.exe
        5⤵
        
        PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        5⤵
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        5⤵
        
        PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
      4⤵
      PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
      4⤵
      PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51365.exe
      4⤵
      PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
      4⤵
      PID:6172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42797.exe
        5⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20061.exe
        6⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        6⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        5⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12998.exe
        5⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
        5⤵
        
        PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
      4⤵
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        5⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        5⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        5⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        5⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
        5⤵
        
        PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
      4⤵
      PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
        5⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        5⤵
        
        PID:7080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
      4⤵
      PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
      4⤵
      PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
      4⤵
      PID:5376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
      4⤵
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
      4⤵
      PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
      4⤵
      PID:5492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
    3⤵
    PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
    3⤵
    PID:4180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
    3⤵
    PID:4212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
    3⤵
    PID:5992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3462.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
      4⤵
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        5⤵
        
        PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
        5⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
      4⤵
      PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe
      4⤵
      PID:5996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27116.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        6⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46593.exe
        6⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
        5⤵
        
        PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51835.exe
      4⤵
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55171.exe
        5⤵
        
        PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
      4⤵
      PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
      4⤵
      PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
      4⤵
      PID:5456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29484.exe
    3⤵
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
      4⤵
      PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
      4⤵
      PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
      4⤵
      PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33857.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
    3⤵
    PID:4940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
    3⤵
    PID:5520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
    3⤵
    PID:5448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18564.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18564.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56579.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
      4⤵
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
        5⤵
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
        5⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6057.exe
        5⤵
        
        PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
      4⤵
      PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
      4⤵
      PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
      4⤵
      PID:6196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
    3⤵
    PID:2424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
    3⤵
    PID:3736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
    3⤵
    PID:4420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
    3⤵
    PID:5332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
    3⤵
    PID:6244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1536
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 188
    3⤵
    - Program crash
    PID:1236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41599.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41599.exe
  2⤵
  PID:3904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
  2⤵
  PID:4684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
  2⤵
  PID:4104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34723.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34723.exe
  2⤵
  PID:5316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-34433.exe

Filesize
468KB

MD5
0f8c710bec0ee3e661ee2e577b7f5d6d

SHA1
490daf45628cbda0aa05ac1e36ebeb5e356ef73d

SHA256
a47682901eaa558d53f1c894dfcc97478dcb9cc4e5ee72f0a433748895e0364b

SHA512
e6755a78b9732301beee681aed3fb6ccf446c79ac2233cbaf5fca15aa255bcef85d262a0e03cb60b2a2d2629b84d30c846d0c71523cf67b88d4e41f9a0b832de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe

Filesize
468KB

MD5
f8f623f5f969d17f5700a3bd99c9bf0c

SHA1
05f3f11fd88748a3793d1b625ffce9379e44ceaf

SHA256
ae61fc6acf31bdb94e3dea5bcc475ab29e6a4b3a2c094e5a0b6762b450df9078

SHA512
75c3393973275c8cc24865b033d191e389ae86adf78fcf078c6d7c8faadc35258fda65cbed41d0239497613fd1ecb5833abc1be2af4bdbe5fc279d878df319d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe

Filesize
468KB

MD5
d2b15e4b08c3703b5c95fd18e2d7f83e

SHA1
c01d593c54af5a62b0489894dcf91199642d0afd

SHA256
459fedb9d00e96a6eb9fa4255483551b5a43b5400d6ddaaaeed30a49a26d2caf

SHA512
9a475c3bcabcf70ac6eb9cc2b775b404426c35f607ce693d22204610190b564821b4f79cef8dadcaf45bf392b649cd7d707808f629d026a6aa48f6cd5e336201

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe

Filesize
468KB

MD5
bb946431017872b34d0278aba30458e1

SHA1
8ec141246cedf0d77d939d3c9bec1b8a04d2bb64

SHA256
a5589cb53aca7ecdf55e8b0356fec1d128278402dae9bd833a6841e9483489c0

SHA512
2098abad82fac7ea2b082b78989ef353eee9ef2053ecf962def2a7a540ef74a802d21e1375c3bd193386383c8af3b2294ab43e204ac21e8d22ed7e80c713df26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8900.exe

Filesize
468KB

MD5
482234196111e16ab0e74a43e9984d7c

SHA1
240d7e5bc2b9b507beb7f63fa4605ee244981858

SHA256
82f91f7fe6c74af163e0344e51dcd9b25000a8c9358507de0cb91a463db06810

SHA512
45bf97969eb12c78333985d123770f328a18b719308042cba38073fc449a5cc2faf4458104395ce5c2952a653db975675aafacad61589a260794b71d45c57b00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20204.exe

Filesize
468KB

MD5
78c1a17ee70390742d07c326fb13bf9a

SHA1
9018edab61f796c96ebd65fae70c652e990b071e

SHA256
17e9a3f49dc63f9ee7da18b7ff76c3d54733b607b079c69bc742fb55251f3fe5

SHA512
3327a36fefdc65a56e3beaa5c904bcea5cd185fe5c46b243a810740cad0a5a74d0204e3c3d4963d2b254bee51b3860c56aa5fe41c291d91ee897f62940b42aa0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31374.exe

Filesize
468KB

MD5
86c1a4e0044ca16c0e6dd78f24cd7727

SHA1
592a6c175b4d531f51baee5ae1fba7b29712dba0

SHA256
210e081e7c374cffd70bd15e7b771d887817b9f5ecd23e841acb877a140ad00d

SHA512
5379f6dee042ce354ec323472a67aafbabf40942e24f67028aa976b80fb73d3697d4411679ae6cd51b83b1e2e0102806ce952ef8bdc182a2900bddde2743a0cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe

Filesize
468KB

MD5
9f971bf955b728665c7b87c443e1f526

SHA1
98c711a8fe8d3355b850eb3d20b7914673015654

SHA256
fc5d6aacde77bfc363ab5c776aa6877ba856fc805c9c6ebf1dd4ae2ddb6c2b3a

SHA512
97f0c2a97586d4a4c16bb00ab07ed7ce383be8d30df876709d24464ed4372236bf93691502a954900f2edf7643d9d4777e7ed36d0bab07e87b6bf73d3f94bcdf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe

Filesize
468KB

MD5
31ffdacb92214085846c23d55e70018f

SHA1
35c291bf0ab41ce09befe0179c8236ef31a041c2

SHA256
c7eb2ba7d22ec448e7d59ea258c37c4fe8e70ef7115cc22426557ca927c94a23

SHA512
6486366892908553c7d889ac4b7043d415365ee0ebd781d488ffff6ca1f5246c5882010643c26a9a8750ad3e9ce5981b3d56aabb251353bb53a8a3325a9af135

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe

Filesize
468KB

MD5
bb05223977eb6ef171842adca51ec35a

SHA1
913a8009e155c5358594c7e56b3f1c302700c9e7

SHA256
2504f8e301baa9b476f33b4eb193b9dde3bc6173f2d9d4f8dbade1100044e77c

SHA512
99a42eabd47264d29544eb151d475d76a6bfed226a885d364c9fcc7fdb5bcc7dd0ee1f8c134ba43e8add64370ec5fa710b321b37ec1f14c1fceb8cb4a605bb70

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36805.exe

Filesize
468KB

MD5
19f3c76289ed977a6ba296d9bbcd9766

SHA1
3f96c4692118e9873ef678ccf3e6ed01e6feef1f

SHA256
f44d219c1c54a4da5d951303b895c16d1d827901b0d55f07bdf53737d41e7b32

SHA512
96997cd1f581ed78f7f4a526ba633ca17f9e828743886fff929b55914f2fe87c342d45e765ed176e15a6c9a49a634a54c8812602230cac6b24a95c5fd92b4446

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40070.exe

Filesize
468KB

MD5
0fae0cc68028812bfba55cac88026ff9

SHA1
3e1f22f342009ef1284cef113faafacb82989fa0

SHA256
18bfb827e0b03d76f5ece4324b445b57dd68eb3026708b0fad6abce1e2246206

SHA512
a3eb8df01671adc8e71ea99ec76eaa2e7ad630eca87566d48cfe0ff76a70edc18e07d0ca1d12275d3b596965a9ccadaa0502ef147a6ad1cfe4fe0edf0b514364

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe

Filesize
468KB

MD5
5c2b3c5b675c7ab2fa43d245c8a054ef

SHA1
7355d1b11adf4cf37e3bc7147baad63e0dc1de5a

SHA256
4b3543f884daccef9cf87afb663ffa3007fd0acf89517c7c538a83151b08cf36

SHA512
ce924f6c6dd8eaa2435e3faa0c7a7e6288f6581c71a7e46bad5a07f5158697e4d8bc5951b654a333270f889c0fc377dd53d8d7e42e667e61137416d5f2276538

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe

Filesize
468KB

MD5
85e0db94b70e75fa7fc3b644d6904a93

SHA1
6b4d8add7452e3ae268784e085139f7903f00f27

SHA256
83f611de1c220a981b33ff227ab812529daffef9325856a26715cd15cd56cc84

SHA512
fbda19c8739480fe087b791cea3dc21ca34cd53be6a8971100b2af79ab77de16a2179a2f3d7c8a82cf04d3b7487d7c8b7c3b114c483695f7a12c60881e5285dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe

Filesize
468KB

MD5
0f7436b057e957ce5a59537438a46dde

SHA1
b1c411dfd2dcaddad5c5d507e094edce3212d9c2

SHA256
5999c64895d157aba0e30e65e6c71e338104031e6c7ae97352b71566a54f752a

SHA512
d608186ca95cd5e4c118d0676d2295b0056a123deb3cb9c98eb322696e39df09b6c6dafc11a141f7e09e70526379058f00d5eb8b636906cba911413e03b34d2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe

Filesize
468KB

MD5
015e7ce47367ff8ce85b09ed9e906457

SHA1
e1d604f5f2d760aa696ec586d0dcd0cc252bf41c

SHA256
90ba493ef4a0c3cab09bb23f6456494e948854bc80e66941ef3f960f7d52ebcf

SHA512
373b14bffc15df7da18433e9247be5270e303b3687b5206e89254f6fee109e6eac8f157667a3bf2b20046fa523f7fefb99b2c0de48314ccf2e7409572ad646ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe

Filesize
468KB

MD5
f823120e3ff9ecd81f7d1f10b90d6ea7

SHA1
5f20cb892b9d1e760bfe98e32c43a9bc175af8ba

SHA256
8fc8781fd5011ad0a2f5501e0e69408f969ba32f91ad24b3efe3d3345a4ab842

SHA512
53fcc867d0d9ca6cb52ddaa793bcac8f6de7a8da680f4c856e6f13b9fde8d199e57fa01261175f34de7779154379362b0b9afb38ea4c61e4f05e8c3578f3ec5b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe

Filesize
468KB

MD5
5024fc769d5f1e1ab9c69405b3655a02

SHA1
c8d324a22a528a3088bcad8f68dca44ad17f1977

SHA256
c9b8235f1d622a0a71ea39134645514f735bc627a214ee191e674d9a0457c7ca

SHA512
805ed1493e4bdc084589482778ab849f57978d690270a64c53b4c8ba537b1fc82ce686dabee7face549985896eb76d268c189b3b96e9a86654e1ad7e922c7ff9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7364.exe

Filesize
468KB

MD5
87b73d0946500ab71d82d5243e3ee66d

SHA1
bc6d398dbbd9e634e5f9ab53aa121545d5eac4f6

SHA256
faac96bd7cd4af05f2a736d3008fefe045f504c266abea840f43b93282d156d6

SHA512
9cb01ef95231246b58c671a198db78e412c6046432515538720bab4b640717336c93421d4634734f9a3582eb819636cc39de14c75c0a88072477a0b528508765

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9476.exe

Filesize
468KB

MD5
710924418c0dd57a0917ac7c5d0ca42b

SHA1
53ffc596f332c442d5ad66fd1c3cee657518f4ed

SHA256
2b35e52bdeefc1de9634230e9f4670298d78760e1fa1bbc6decae1638446c319

SHA512
e34fe564ee3564446902aa94f92b0799f4c994c15ff341fcce4a6628eb9bb4863c2fd6955b7349be984814132e8019e7900d74e61e6562d13c858fd4d80e47f5

Download Submit