c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 02:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe
Size

468KB
MD5

29631c360e78357e2bf3ef585458f4d0
SHA1

66f185c0a39126135dc74b0fccf9fd35c791a88e
SHA256

c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874
SHA512

567564f3fea9fb9a4e22916d546033b73d4b48f85b91f5fb7517c69cb0eee6ba6ba0e29074519d01c8f797c09ab4bac0aff958ea6722b775db0f0e7445d3521c
SSDEEP

3072:p8nCog5dIU57CbYoPzcjYf//sCh3TIagBRHQOV1M1UHLJO4yeAl4:p8Co5c7CjP4jYfj/bL1UrQ4ye

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2512	Unicorn-40262.exe
2924	Unicorn-52325.exe
2836	Unicorn-48988.exe
2740	Unicorn-59232.exe
2704	Unicorn-3709.exe
2844	Unicorn-26176.exe
2772	Unicorn-39174.exe
2568	Unicorn-5278.exe
3020	Unicorn-57037.exe
1848	Unicorn-4894.exe
1272	Unicorn-4894.exe
1900	Unicorn-39932.exe
1924	Unicorn-53668.exe
1540	Unicorn-9829.exe
1020	Unicorn-65221.exe
2616	Unicorn-49491.exe
2900	Unicorn-13114.exe
2868	Unicorn-35668.exe
1656	Unicorn-2611.exe
1096	Unicorn-20763.exe
696	Unicorn-12817.exe
2164	Unicorn-35284.exe
2388	Unicorn-31370.exe
1120	Unicorn-51236.exe
1700	Unicorn-51236.exe
864	Unicorn-47515.exe
1712	Unicorn-966.exe
1444	Unicorn-701.exe
1424	Unicorn-9249.exe
1652	Unicorn-10639.exe
336	Unicorn-39590.exe
2928	Unicorn-42736.exe
1240	Unicorn-9798.exe
2992	Unicorn-11106.exe
1492	Unicorn-22189.exe
2488	Unicorn-26675.exe
2132	Unicorn-22761.exe
1744	Unicorn-42435.exe
2728	Unicorn-32666.exe
2968	Unicorn-65411.exe
2676	Unicorn-48561.exe
2820	Unicorn-32547.exe
2764	Unicorn-51514.exe
2688	Unicorn-44778.exe
2604	Unicorn-18650.exe
2444	Unicorn-12519.exe
2624	Unicorn-18458.exe
3028	Unicorn-17616.exe
680	Unicorn-53818.exe
2440	Unicorn-28167.exe
1508	Unicorn-32691.exe
812	Unicorn-52557.exe
388	Unicorn-4233.exe
1564	Unicorn-14247.exe
2536	Unicorn-26515.exe
2636	Unicorn-2780.exe
1752	Unicorn-2780.exe
2856	Unicorn-64683.exe
2876	Unicorn-1555.exe
2128	Unicorn-6366.exe
2480	Unicorn-2453.exe
2532	Unicorn-54607.exe
836	Unicorn-34963.exe
3004	Unicorn-41094.exe

Loads dropped DLL 64 IoCs

pid	Process
584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe
584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe
2512	Unicorn-40262.exe
2512	Unicorn-40262.exe
584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe
584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe
2836	Unicorn-48988.exe
2836	Unicorn-48988.exe
584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe
584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe
2924	Unicorn-52325.exe
2924	Unicorn-52325.exe
2512	Unicorn-40262.exe
2512	Unicorn-40262.exe
2704	Unicorn-3709.exe
2704	Unicorn-3709.exe
584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe
584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe
2772	Unicorn-39174.exe
2844	Unicorn-26176.exe
2772	Unicorn-39174.exe
2844	Unicorn-26176.exe
2512	Unicorn-40262.exe
2836	Unicorn-48988.exe
2512	Unicorn-40262.exe
2836	Unicorn-48988.exe
2740	Unicorn-59232.exe
2740	Unicorn-59232.exe
2568	Unicorn-5278.exe
2568	Unicorn-5278.exe
2924	Unicorn-52325.exe
2924	Unicorn-52325.exe
2704	Unicorn-3709.exe
2704	Unicorn-3709.exe
1540	Unicorn-9829.exe
1540	Unicorn-9829.exe
1900	Unicorn-39932.exe
1900	Unicorn-39932.exe
2740	Unicorn-59232.exe
2740	Unicorn-59232.exe
2836	Unicorn-48988.exe
2836	Unicorn-48988.exe
1848	Unicorn-4894.exe
1848	Unicorn-4894.exe
2772	Unicorn-39174.exe
2772	Unicorn-39174.exe
1272	Unicorn-4894.exe
1924	Unicorn-53668.exe
1924	Unicorn-53668.exe
1272	Unicorn-4894.exe
2844	Unicorn-26176.exe
2844	Unicorn-26176.exe
3020	Unicorn-57037.exe
3020	Unicorn-57037.exe
2512	Unicorn-40262.exe
2512	Unicorn-40262.exe
584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe
584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe
1020	Unicorn-65221.exe
1020	Unicorn-65221.exe
2568	Unicorn-5278.exe
2568	Unicorn-5278.exe
2616	Unicorn-49491.exe
2616	Unicorn-49491.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48332.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41980.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe
2512	Unicorn-40262.exe
2836	Unicorn-48988.exe
2924	Unicorn-52325.exe
2704	Unicorn-3709.exe
2740	Unicorn-59232.exe
2772	Unicorn-39174.exe
2844	Unicorn-26176.exe
2568	Unicorn-5278.exe
3020	Unicorn-57037.exe
1900	Unicorn-39932.exe
1272	Unicorn-4894.exe
1848	Unicorn-4894.exe
1540	Unicorn-9829.exe
1924	Unicorn-53668.exe
1020	Unicorn-65221.exe
2616	Unicorn-49491.exe
2900	Unicorn-13114.exe
2868	Unicorn-35668.exe
1656	Unicorn-2611.exe
1096	Unicorn-20763.exe
696	Unicorn-12817.exe
2388	Unicorn-31370.exe
1120	Unicorn-51236.exe
2164	Unicorn-35284.exe
1700	Unicorn-51236.exe
864	Unicorn-47515.exe
1712	Unicorn-966.exe
1444	Unicorn-701.exe
1424	Unicorn-9249.exe
1652	Unicorn-10639.exe
336	Unicorn-39590.exe
2928	Unicorn-42736.exe
1240	Unicorn-9798.exe
2992	Unicorn-11106.exe
1492	Unicorn-22189.exe
2488	Unicorn-26675.exe
2132	Unicorn-22761.exe
1744	Unicorn-42435.exe
2728	Unicorn-32666.exe
2968	Unicorn-65411.exe
2820	Unicorn-32547.exe
2676	Unicorn-48561.exe
2764	Unicorn-51514.exe
2688	Unicorn-44778.exe
2604	Unicorn-18650.exe
2444	Unicorn-12519.exe
2624	Unicorn-18458.exe
3028	Unicorn-17616.exe
680	Unicorn-53818.exe
2440	Unicorn-28167.exe
1508	Unicorn-32691.exe
812	Unicorn-52557.exe
388	Unicorn-4233.exe
1564	Unicorn-14247.exe
1752	Unicorn-2780.exe
2636	Unicorn-2780.exe
2536	Unicorn-26515.exe
2856	Unicorn-64683.exe
2876	Unicorn-1555.exe
2128	Unicorn-6366.exe
2480	Unicorn-2453.exe
2532	Unicorn-54607.exe
836	Unicorn-34963.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 584 wrote to memory of 2512	584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe	31
PID 584 wrote to memory of 2512	584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe	31
PID 584 wrote to memory of 2512	584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe	31
PID 584 wrote to memory of 2512	584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe	31
PID 2512 wrote to memory of 2924	2512	Unicorn-40262.exe	32
PID 2512 wrote to memory of 2924	2512	Unicorn-40262.exe	32
PID 2512 wrote to memory of 2924	2512	Unicorn-40262.exe	32
PID 2512 wrote to memory of 2924	2512	Unicorn-40262.exe	32
PID 584 wrote to memory of 2836	584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe	33
PID 584 wrote to memory of 2836	584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe	33
PID 584 wrote to memory of 2836	584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe	33
PID 584 wrote to memory of 2836	584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe	33
PID 2836 wrote to memory of 2740	2836	Unicorn-48988.exe	34
PID 2836 wrote to memory of 2740	2836	Unicorn-48988.exe	34
PID 2836 wrote to memory of 2740	2836	Unicorn-48988.exe	34
PID 2836 wrote to memory of 2740	2836	Unicorn-48988.exe	34
PID 584 wrote to memory of 2704	584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe	35
PID 584 wrote to memory of 2704	584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe	35
PID 584 wrote to memory of 2704	584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe	35
PID 584 wrote to memory of 2704	584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe	35
PID 2924 wrote to memory of 2844	2924	Unicorn-52325.exe	36
PID 2924 wrote to memory of 2844	2924	Unicorn-52325.exe	36
PID 2924 wrote to memory of 2844	2924	Unicorn-52325.exe	36
PID 2924 wrote to memory of 2844	2924	Unicorn-52325.exe	36
PID 2512 wrote to memory of 2772	2512	Unicorn-40262.exe	37
PID 2512 wrote to memory of 2772	2512	Unicorn-40262.exe	37
PID 2512 wrote to memory of 2772	2512	Unicorn-40262.exe	37
PID 2512 wrote to memory of 2772	2512	Unicorn-40262.exe	37
PID 2704 wrote to memory of 2568	2704	Unicorn-3709.exe	38
PID 2704 wrote to memory of 2568	2704	Unicorn-3709.exe	38
PID 2704 wrote to memory of 2568	2704	Unicorn-3709.exe	38
PID 2704 wrote to memory of 2568	2704	Unicorn-3709.exe	38
PID 584 wrote to memory of 3020	584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe	39
PID 584 wrote to memory of 3020	584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe	39
PID 584 wrote to memory of 3020	584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe	39
PID 584 wrote to memory of 3020	584	c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe	39
PID 2772 wrote to memory of 1848	2772	Unicorn-39174.exe	40
PID 2772 wrote to memory of 1848	2772	Unicorn-39174.exe	40
PID 2772 wrote to memory of 1848	2772	Unicorn-39174.exe	40
PID 2772 wrote to memory of 1848	2772	Unicorn-39174.exe	40
PID 2844 wrote to memory of 1272	2844	Unicorn-26176.exe	41
PID 2844 wrote to memory of 1272	2844	Unicorn-26176.exe	41
PID 2844 wrote to memory of 1272	2844	Unicorn-26176.exe	41
PID 2844 wrote to memory of 1272	2844	Unicorn-26176.exe	41
PID 2512 wrote to memory of 1924	2512	Unicorn-40262.exe	42
PID 2512 wrote to memory of 1924	2512	Unicorn-40262.exe	42
PID 2512 wrote to memory of 1924	2512	Unicorn-40262.exe	42
PID 2512 wrote to memory of 1924	2512	Unicorn-40262.exe	42
PID 2836 wrote to memory of 1900	2836	Unicorn-48988.exe	43
PID 2836 wrote to memory of 1900	2836	Unicorn-48988.exe	43
PID 2836 wrote to memory of 1900	2836	Unicorn-48988.exe	43
PID 2836 wrote to memory of 1900	2836	Unicorn-48988.exe	43
PID 2740 wrote to memory of 1540	2740	Unicorn-59232.exe	44
PID 2740 wrote to memory of 1540	2740	Unicorn-59232.exe	44
PID 2740 wrote to memory of 1540	2740	Unicorn-59232.exe	44
PID 2740 wrote to memory of 1540	2740	Unicorn-59232.exe	44
PID 2568 wrote to memory of 1020	2568	Unicorn-5278.exe	45
PID 2568 wrote to memory of 1020	2568	Unicorn-5278.exe	45
PID 2568 wrote to memory of 1020	2568	Unicorn-5278.exe	45
PID 2568 wrote to memory of 1020	2568	Unicorn-5278.exe	45
PID 2924 wrote to memory of 2616	2924	Unicorn-52325.exe	46
PID 2924 wrote to memory of 2616	2924	Unicorn-52325.exe	46
PID 2924 wrote to memory of 2616	2924	Unicorn-52325.exe	46
PID 2924 wrote to memory of 2616	2924	Unicorn-52325.exe	46

C:\Users\Admin\AppData\Local\Temp\c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe
"C:\Users\Admin\AppData\Local\Temp\c8bcc6dab2bef65058e5023644ec003f47de5cf772d197f4f8f66aff3649b874N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40262.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40262.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26176.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32547.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9012.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        7⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22917.exe
        7⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44697.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
        7⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        7⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12159.exe
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        7⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe
        6⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43490.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        6⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
        6⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44571.exe
        7⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10999.exe
        8⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        8⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        8⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        7⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        7⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        7⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        7⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        6⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61729.exe
        7⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        6⤵
        
        PID:496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17607.exe
        6⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        6⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62251.exe
        6⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        7⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
        7⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        6⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
        6⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2152.exe
        5⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35416.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
        6⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
        5⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14827.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52749.exe
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40767.exe
        6⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48332.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
        7⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
        7⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
        6⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe
        6⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7196.exe
        5⤵
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48332.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
        6⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        6⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        5⤵
        
        PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22319.exe
        5⤵
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
        5⤵
        
        PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9798.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41094.exe
        5⤵
        Executes dropped EXE
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62400.exe
        6⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        6⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
        6⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32827.exe
        5⤵
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
        5⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        5⤵
        
        PID:984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
      4⤵
      PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        5⤵
        
        PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
      4⤵
      PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
      4⤵
      PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
      4⤵
      PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
      4⤵
      PID:4156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35284.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        8⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
        7⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        6⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4626.exe
        7⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        6⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        6⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21301.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
        7⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11812.exe
        7⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe
        6⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        6⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44336.exe
        5⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        6⤵
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        6⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48316.exe
        6⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2557.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        6⤵
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
        6⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
        6⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        5⤵
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45923.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47781.exe
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
        5⤵
        
        PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14247.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
        5⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48332.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23300.exe
      4⤵
      PID:536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43123.exe
      4⤵
      PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
      4⤵
      PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58717.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14202.exe
        6⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        7⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
        7⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        6⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
        6⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42385.exe
        5⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42977.exe
        6⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        5⤵
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17607.exe
        5⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
        5⤵
        
        PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
        5⤵
        
        PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        5⤵
        
        PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9819.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3739.exe
      4⤵
      PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46365.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
      4⤵
      PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-701.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18458.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7191.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        6⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
        6⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        6⤵
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        5⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58538.exe
        5⤵
        
        PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46462.exe
        5⤵
        
        PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
      4⤵
      PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17607.exe
      4⤵
      PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7822.exe
      4⤵
      PID:5420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
        5⤵
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10807.exe
      4⤵
      PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
      4⤵
      PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
      4⤵
      PID:5696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12525.exe
    3⤵
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30014.exe
      4⤵
      PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
      4⤵
      PID:5604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
    3⤵
    PID:3088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
    3⤵
    PID:3456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
    3⤵
    PID:5012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
        8⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
        8⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        7⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8213.exe
        7⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        6⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        7⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        6⤵
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
        6⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17607.exe
        6⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7822.exe
        6⤵
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22761.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11514.exe
        6⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        6⤵
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        6⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58260.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        6⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24024.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
        6⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
        6⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
        5⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
        5⤵
        
        PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7674.exe
        5⤵
        
        PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20763.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51514.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44752.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        7⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
        7⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62229.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22917.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
        6⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33610.exe
        5⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28894.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        5⤵
        
        PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30952.exe
        5⤵
        
        PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
        5⤵
        
        PID:624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12519.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        5⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42340.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11196.exe
        5⤵
        
        PID:808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        5⤵
        
        PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
      4⤵
      PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6244.exe
      4⤵
      PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
      4⤵
      PID:5192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65411.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        6⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2660.exe
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        7⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        6⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        6⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8213.exe
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9630.exe
        5⤵
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5457.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
        6⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        5⤵
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe
        5⤵
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48561.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
        5⤵
        
        PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48332.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
        5⤵
        
        PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
      4⤵
      PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42585.exe
      4⤵
      PID:4952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26569.exe
        5⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40875.exe
        6⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
        6⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        5⤵
        
        PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47919.exe
        5⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
        5⤵
        
        PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3854.exe
      4⤵
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
        5⤵
        
        PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe
      4⤵
      PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe
      4⤵
      PID:4988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27145.exe
      4⤵
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        5⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
        5⤵
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
      4⤵
      PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47919.exe
      4⤵
      PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
      4⤵
      PID:5648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50695.exe
    3⤵
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62400.exe
      4⤵
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15282.exe
        5⤵
        
        PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
      4⤵
      PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
      4⤵
      PID:5280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36934.exe
    3⤵
    PID:2032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
    3⤵
    PID:3768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
    3⤵
    PID:4980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
    3⤵
    PID:5864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3709.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3709.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65221.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10639.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6366.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33938.exe
        7⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        8⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        8⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
        7⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50139.exe
        6⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        6⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64885.exe
        6⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
        6⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
        6⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        6⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        5⤵
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28808.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17792.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24721.exe
        5⤵
        
        PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39590.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
        6⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62494.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        7⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
        7⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        6⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
        6⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        5⤵
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
        5⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        5⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44752.exe
        5⤵
        
        PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15741.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
      4⤵
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14514.exe
        5⤵
        
        PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe
      4⤵
      PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe
      4⤵
      PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
      4⤵
      PID:5724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13114.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11106.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
        5⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        5⤵
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
        5⤵
        
        PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
        5⤵
        
        PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
      4⤵
      PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39254.exe
      4⤵
      PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
      4⤵
      PID:5704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43206.exe
      4⤵
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10373.exe
        5⤵
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
        5⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27797.exe
        5⤵
        
        PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64348.exe
      4⤵
      PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
      4⤵
      PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
      4⤵
      PID:5380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
    3⤵
    PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62400.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44412.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11144.exe
        5⤵
        
        PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
      4⤵
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
      4⤵
      PID:5828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
    3⤵
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
      4⤵
      PID:5664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14827.exe
    3⤵
    PID:3524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34666.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
    3⤵
    PID:5844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-966.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
        5⤵
        
        PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48332.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        5⤵
        
        PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47171.exe
      4⤵
      PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62067.exe
      4⤵
      PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
      4⤵
      PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17616.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17616.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
      4⤵
      PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37625.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
      4⤵
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
      4⤵
      PID:5144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
      4⤵
      PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21931.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
    3⤵
    PID:592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
    3⤵
    PID:3484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46277.exe
    3⤵
    PID:4472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4233.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
      4⤵
      PID:408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17736.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12528.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45578.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
      4⤵
      PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
    3⤵
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30526.exe
      4⤵
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44749.exe
      4⤵
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe
    3⤵
    PID:3356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39630.exe
    3⤵
    PID:4600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10066.exe
    3⤵
    PID:5256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
    3⤵
    PID:2792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
    3⤵
    PID:2368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
    3⤵
    PID:4556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
    3⤵
    PID:5396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
  2⤵
  PID:736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
  2⤵
  PID:3080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46220.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46220.exe
  2⤵
  PID:4308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53129.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53129.exe
  2⤵
  PID:5044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13114.exe

Filesize
468KB

MD5
68cbcc54d192e7e0fc94ac7afabf380a

SHA1
e974a624b69efae61d54911e86d950de03721abb

SHA256
2decb4e70f19554fbd045d05d339a93f3499044ad934cfe79175ef133c46baa3

SHA512
1bf984e87a76cf5054ec283026860e21095368ffa6f7e58cda7b9944b7f4a4bbae387e2ba8d617fc865a4f87b6d5414f6b36e650cf1b2c0247f4502ef376312a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26176.exe

Filesize
468KB

MD5
64940fec17c4f3479e42176414999e65

SHA1
c77ffc562586c8a8f42356286771a1d433a5e582

SHA256
f3ae18d51f494ac7b0a945b7cce5807b3c660ee62a179418b0a43864cc6bedcd

SHA512
e04992b9da20fd5e83c3ca2a9a78def18bc9f4f2d7cb5e4b2218166a366cafcc4a1e36572d0b42c4065d18ad8a449dba6cc75968af7e3f9576e240ff16a422cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe

Filesize
468KB

MD5
c6322ba169947e7d49259e0df75a1793

SHA1
3018bb661cbb119d8198d056079dd72f683edec4

SHA256
77825e69e571d94b06cd1045c4aadb4013bcb67e1e8686f0cfe9e76e5e80afd9

SHA512
1f9e3bef10d71b187e7ffd406a7507e4cc6c5540cb27cdcbf4235e3852e0775c6ca58a7dc7622caadacb12526b43af5218c4c41632d61fd1db24b444a262c91e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe

Filesize
468KB

MD5
85ab3fbc646b8275ce6a1d905f6eaa94

SHA1
fda125032c8e5300c9b45b2e7939ea9c2e62d342

SHA256
fad0150927fcea310e9c7cb2faeb8fb5d3e5db75f91ffb458977a796a9887114

SHA512
0150099317774e663fd5e84e00d478b1fdeca42d67b940dff7ad5ae6a625da439ce12a2d786f0efa473e61e260e4c38c1518102a647a2542cfb483bd537da467

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe

Filesize
468KB

MD5
1ce7a68d69a84a2dd14b0e2bfa4333ee

SHA1
54896f7adfa6c1b8b9e12dc104ea3b45a9528baa

SHA256
ec75226e242e92d931c8341ea4a82b8f232b1da7231128fe90299b79602ec922

SHA512
c7ecb8e308e8d1dcc1cb363e6eb412c592f62279b368b77402aa68939815073c343880fb47dab8b3269985521835e7cdc59cee00dac9939709309c3cb3f06060

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe

Filesize
468KB

MD5
23fb6482c431674bfe02ffc004f054e5

SHA1
d2f552e0068d88cf386229d23ca7cad4ac109d91

SHA256
f73baa0361716f0ee74b88c258c0076953cbe040605a1647582fe68c696b7bed

SHA512
b03ee7c81363189f8cc596d8678e435858bb7745cd6599f6cd3e5d74ac8706d02a762b565cfdbeec9c5062a3feb6af2e6639b648a771a5f32e55d178d75ea60d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe

Filesize
468KB

MD5
c47b62e38364a90f93d4760dcbda8bac

SHA1
7123af7518b7fe6951371d4e59fbf9344bb29e10

SHA256
e29c825373ca3cd80b426a51000013914b85e99a732a8dcdd3053351427c5de5

SHA512
44c22aca8530724a52f55bb90abc280b3d165731635fe127ff0de9bc42c5d4b03f2e65f99fd53c3777f47b975e66d449ef22fe32c49e4941ef49235689b19ab2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3709.exe

Filesize
468KB

MD5
01437ad0a77a8cbd3a0ebe87a8a32296

SHA1
cf52ed1ead097686e93026203a90a7b9a1d2a321

SHA256
a09cf244edca43bf4f112f99d1e1f2d8b34b6f9f6df22be6e647c45755b61f8c

SHA512
52166a15f05d8e68cbb9a99b93cb5ca12fd030a81e6b36b20e28913be2d8d76ca3cac82c601683e05c17016b191ca372c5933093db636367eba106ec070bcbec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe

Filesize
468KB

MD5
edfd5b312de8452e2b77b7bf3c96b710

SHA1
44e2f577ef72404c38b34c913978e6c59cf2b01f

SHA256
19b668ac254d57c3aa337d4d99ef1a478574205aebb90dbc34150591a17a3449

SHA512
37de91d16e3139af763850dff85320005b8f898ad13cd5de1b8397e98f4f4a2f887fc2319ef17c5f05586e0c99ae3ecda40fe7bb4235c02b04270b0e59123aca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe

Filesize
468KB

MD5
c3b28dde47ee29cb657ba293688e511b

SHA1
ea7d0c852f659b33ea4e0e0dd9d865be6cb2eb9f

SHA256
ea8af0d175faa5ddc66b084a0f67eb2e1e55f2608480fb46dffdec5bd346236a

SHA512
8760348e657d08c22d2ab5aacd58e222eeb7012462a92dee281eb6d1266af26500f5a8a46495ccbed363c4a145d7efc0e3bedb9c903108077ca37bf3559abbac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40262.exe

Filesize
468KB

MD5
a2ee75f3657c58bb85d8ae1e172d41a9

SHA1
0ec62bdcbdaddcec2b49f0161ce5dcfdc179676d

SHA256
b0bde075103663172003e011f0c55b0fa347fddfa0516877bdc81aa013ecd48f

SHA512
b751f6c9a357370ac86142d2144192d2dee7ca0ce0baadc8f9ea283ecd41a935c1d9136097edf3db60c00d042013c7117b819f6a6d8f6cdcc44417fb22a61d0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe

Filesize
468KB

MD5
dbf86f8d770b301296acf8117a9a7459

SHA1
53082a9f592b587f387b52e14884ffc69a29d30b

SHA256
23d2a7097b6b5b46cfe6995535a44f36257b1cdffb0ffaa867a32db69c4edc9a

SHA512
b21f6d662717c2801e5ddb6b8e56580dd6fb4f16a52439974b0a7542d9edb99afcad6c21bd10f3c3e37e7938a533e71591434e1bfb5f23a9fc8fe55310fa07eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe

Filesize
468KB

MD5
ec03ffde677ed08eaf7ffe01498fdbf2

SHA1
dca55d0cf47b3c5c9849b1629a708303fc0ac19f

SHA256
8ef0257eab02d76ef1d7c4dcc87ca8799110210312b4d98f61986cddbf942dfa

SHA512
c8cc29a7ca7cd2daa62a75273fe7a9272e7c3980b2e32dd8650a80972e03c98d895229c5614420c05e0251192814a800cbbaa6e7e84b491562174e19f853d572

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe

Filesize
468KB

MD5
d16f5e65cf63ea61fad095d709f27fbc

SHA1
9375a3e1a3fabd621d87b6133609b61490dacdaa

SHA256
ca0f151224416a12c255acb2592c4409c46ff93f7dec97bdf68cb7ff362aa16d

SHA512
a89ff1b59ba33bc450931b0883fea861fdb1aeccbac25aee1629cd43c4bec305bca9814f8cd89294949c5f733e9234dd901a3e0d6f056c2dd9076a8949907d80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe

Filesize
468KB

MD5
cec0b0713c2fec7993392e07ec39d120

SHA1
b88cb7a3a9a73aea18acd55d0c3e8be1d7c27ba0

SHA256
974ca3b567e0e7affeea48b148cab6b27a39770ee01aaf93925de5bc9d7bcdc9

SHA512
bdb8de3aa98398dd158fba3b65855250d259c3b403744b257f6326241ab7907fb6bf31dcd48c517524734034cf1c58d68db5dfae18e92371b56a8b966028517f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65221.exe

Filesize
468KB

MD5
2a00e8384c844aeddac204c6216f7823

SHA1
722a04cab221e00b659197bdf23adc27e6be7881

SHA256
5c3dcbe6c3cbc273077c223589eb8e3c5b00a3475e77c1ee81e137fd631419fb

SHA512
9fb03e554c596800d51cf58f073e0abe3a8800a3bd9624c7b98957a3031d7a34f3baaab16b4c06ce8fff4e49f2853df69710ca2150e3a978ba5640eac345cfad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe

Filesize
468KB

MD5
ea734a0a0f67216ce732b44443e93077

SHA1
9e3f787ed2780bab10dda52f8405d73759c02734

SHA256
09ccd417fd41b8e008da3a2287b2f2bbd32f47cb7dda66f8780794944f758795

SHA512
3a651d6933e16b71ad7334c4951c03d42e0e6e9872f97e6f8290ad0dd4f4fd7f96772bece018865b30a473bf333dd68538308494a41302c31a0c72d7597dbd45

Download Submit