2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd

Analysis

max time kernel
142s
max time network
123s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
04-10-2024 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe
Size

468KB
MD5

668d74deff48f63aa7d8a64a7ba9b21c
SHA1

82dd4e7748d93780c726183e69bf8207dc043629
SHA256

2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd
SHA512

0ac2f0766e2bc354e0485eca2c14c74ce03c0deaeab29fe2c929259f25af4048618c4f4c95e6b80a7df9f945486f0a30d1dc3f1052af1e52fa8300df37dc5d1a
SSDEEP

3072:9q+Co3cOIV3KtbYxPzcxNfT/rChZPIpIn1HC4VLHsShp60BNSMlC:9qToC9KtiP4xNf80PMsS/LBNS

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2684	Unicorn-41338.exe
2884	Unicorn-19932.exe
2772	Unicorn-28654.exe
2816	Unicorn-48603.exe
2652	Unicorn-24653.exe
2600	Unicorn-13792.exe
2604	Unicorn-3578.exe
2108	Unicorn-28266.exe
2088	Unicorn-4393.exe
1424	Unicorn-26860.exe
2436	Unicorn-24722.exe
648	Unicorn-4856.exe
2292	Unicorn-42931.exe
1068	Unicorn-51364.exe
2932	Unicorn-23330.exe
808	Unicorn-33466.exe
2220	Unicorn-4062.exe
2116	Unicorn-1369.exe
2348	Unicorn-21524.exe
2176	Unicorn-48432.exe
2496	Unicorn-53071.exe
2628	Unicorn-3315.exe
1156	Unicorn-3870.exe
816	Unicorn-23736.exe
280	Unicorn-59515.exe
2396	Unicorn-13429.exe
1816	Unicorn-29003.exe
2028	Unicorn-60492.exe
2464	Unicorn-62229.exe
2492	Unicorn-2822.exe
288	Unicorn-20782.exe
1488	Unicorn-3590.exe
1644	Unicorn-61514.exe
3064	Unicorn-48515.exe
2328	Unicorn-14259.exe
2744	Unicorn-58629.exe
2768	Unicorn-54545.exe
2792	Unicorn-34024.exe
2784	Unicorn-40155.exe
3056	Unicorn-40155.exe
2708	Unicorn-21772.exe
2964	Unicorn-28457.exe
2332	Unicorn-59184.exe
464	Unicorn-61343.exe
2368	Unicorn-16781.exe
2312	Unicorn-63289.exe
2888	Unicorn-29033.exe
2040	Unicorn-14088.exe
3068	Unicorn-65235.exe
2576	Unicorn-65235.exe
1232	Unicorn-9904.exe
1684	Unicorn-16035.exe
2980	Unicorn-58251.exe
1092	Unicorn-24757.exe
1132	Unicorn-44623.exe
2168	Unicorn-50030.exe
2240	Unicorn-18648.exe
1880	Unicorn-59589.exe
2224	Unicorn-47337.exe
1456	Unicorn-31985.exe
952	Unicorn-14207.exe
564	Unicorn-14472.exe
1948	Unicorn-24322.exe
328	Unicorn-62111.exe

Loads dropped DLL 64 IoCs

pid	Process
2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe
2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe
2684	Unicorn-41338.exe
2684	Unicorn-41338.exe
2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe
2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe
2884	Unicorn-19932.exe
2884	Unicorn-19932.exe
2684	Unicorn-41338.exe
2684	Unicorn-41338.exe
2772	Unicorn-28654.exe
2772	Unicorn-28654.exe
2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe
2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe
2652	Unicorn-24653.exe
2652	Unicorn-24653.exe
2684	Unicorn-41338.exe
2684	Unicorn-41338.exe
2816	Unicorn-48603.exe
2816	Unicorn-48603.exe
2604	Unicorn-3578.exe
2604	Unicorn-3578.exe
2884	Unicorn-19932.exe
2884	Unicorn-19932.exe
2600	Unicorn-13792.exe
2600	Unicorn-13792.exe
2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe
2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe
2772	Unicorn-28654.exe
2772	Unicorn-28654.exe
2108	Unicorn-28266.exe
2108	Unicorn-28266.exe
2652	Unicorn-24653.exe
2652	Unicorn-24653.exe
2088	Unicorn-4393.exe
2088	Unicorn-4393.exe
2684	Unicorn-41338.exe
2684	Unicorn-41338.exe
1424	Unicorn-26860.exe
1424	Unicorn-26860.exe
2816	Unicorn-48603.exe
2816	Unicorn-48603.exe
2436	Unicorn-24722.exe
2436	Unicorn-24722.exe
2604	Unicorn-3578.exe
648	Unicorn-4856.exe
648	Unicorn-4856.exe
2604	Unicorn-3578.exe
2884	Unicorn-19932.exe
2884	Unicorn-19932.exe
2292	Unicorn-42931.exe
2292	Unicorn-42931.exe
2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe
2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe
2932	Unicorn-23330.exe
2932	Unicorn-23330.exe
2772	Unicorn-28654.exe
2772	Unicorn-28654.exe
1068	Unicorn-51364.exe
1068	Unicorn-51364.exe
2600	Unicorn-13792.exe
2600	Unicorn-13792.exe
808	Unicorn-33466.exe
808	Unicorn-33466.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4440.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe
2684	Unicorn-41338.exe
2884	Unicorn-19932.exe
2772	Unicorn-28654.exe
2652	Unicorn-24653.exe
2816	Unicorn-48603.exe
2600	Unicorn-13792.exe
2604	Unicorn-3578.exe
2108	Unicorn-28266.exe
2088	Unicorn-4393.exe
1424	Unicorn-26860.exe
2436	Unicorn-24722.exe
648	Unicorn-4856.exe
2932	Unicorn-23330.exe
2292	Unicorn-42931.exe
1068	Unicorn-51364.exe
808	Unicorn-33466.exe
2220	Unicorn-4062.exe
2116	Unicorn-1369.exe
2348	Unicorn-21524.exe
2176	Unicorn-48432.exe
2496	Unicorn-53071.exe
2628	Unicorn-3315.exe
816	Unicorn-23736.exe
1156	Unicorn-3870.exe
280	Unicorn-59515.exe
2396	Unicorn-13429.exe
2028	Unicorn-60492.exe
1816	Unicorn-29003.exe
2464	Unicorn-62229.exe
2492	Unicorn-2822.exe
288	Unicorn-20782.exe
1488	Unicorn-3590.exe
1644	Unicorn-61514.exe
3064	Unicorn-48515.exe
2328	Unicorn-14259.exe
2744	Unicorn-58629.exe
2768	Unicorn-54545.exe
2784	Unicorn-40155.exe
2792	Unicorn-34024.exe
3056	Unicorn-40155.exe
2708	Unicorn-21772.exe
2964	Unicorn-28457.exe
2332	Unicorn-59184.exe
464	Unicorn-61343.exe
2312	Unicorn-63289.exe
2368	Unicorn-16781.exe
2888	Unicorn-29033.exe
2040	Unicorn-14088.exe
3068	Unicorn-65235.exe
2576	Unicorn-65235.exe
1232	Unicorn-9904.exe
1684	Unicorn-16035.exe
2980	Unicorn-58251.exe
1132	Unicorn-44623.exe
1092	Unicorn-24757.exe
2168	Unicorn-50030.exe
2240	Unicorn-18648.exe
1880	Unicorn-59589.exe
2224	Unicorn-47337.exe
1456	Unicorn-31985.exe
952	Unicorn-14207.exe
564	Unicorn-14472.exe
1948	Unicorn-24322.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2684	2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe	30
PID 2488 wrote to memory of 2684	2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe	30
PID 2488 wrote to memory of 2684	2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe	30
PID 2488 wrote to memory of 2684	2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe	30
PID 2684 wrote to memory of 2884	2684	Unicorn-41338.exe	31
PID 2684 wrote to memory of 2884	2684	Unicorn-41338.exe	31
PID 2684 wrote to memory of 2884	2684	Unicorn-41338.exe	31
PID 2684 wrote to memory of 2884	2684	Unicorn-41338.exe	31
PID 2488 wrote to memory of 2772	2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe	32
PID 2488 wrote to memory of 2772	2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe	32
PID 2488 wrote to memory of 2772	2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe	32
PID 2488 wrote to memory of 2772	2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe	32
PID 2884 wrote to memory of 2816	2884	Unicorn-19932.exe	33
PID 2884 wrote to memory of 2816	2884	Unicorn-19932.exe	33
PID 2884 wrote to memory of 2816	2884	Unicorn-19932.exe	33
PID 2884 wrote to memory of 2816	2884	Unicorn-19932.exe	33
PID 2684 wrote to memory of 2652	2684	Unicorn-41338.exe	34
PID 2684 wrote to memory of 2652	2684	Unicorn-41338.exe	34
PID 2684 wrote to memory of 2652	2684	Unicorn-41338.exe	34
PID 2684 wrote to memory of 2652	2684	Unicorn-41338.exe	34
PID 2772 wrote to memory of 2600	2772	Unicorn-28654.exe	35
PID 2772 wrote to memory of 2600	2772	Unicorn-28654.exe	35
PID 2772 wrote to memory of 2600	2772	Unicorn-28654.exe	35
PID 2772 wrote to memory of 2600	2772	Unicorn-28654.exe	35
PID 2488 wrote to memory of 2604	2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe	36
PID 2488 wrote to memory of 2604	2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe	36
PID 2488 wrote to memory of 2604	2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe	36
PID 2488 wrote to memory of 2604	2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe	36
PID 2652 wrote to memory of 2108	2652	Unicorn-24653.exe	37
PID 2652 wrote to memory of 2108	2652	Unicorn-24653.exe	37
PID 2652 wrote to memory of 2108	2652	Unicorn-24653.exe	37
PID 2652 wrote to memory of 2108	2652	Unicorn-24653.exe	37
PID 2684 wrote to memory of 2088	2684	Unicorn-41338.exe	38
PID 2684 wrote to memory of 2088	2684	Unicorn-41338.exe	38
PID 2684 wrote to memory of 2088	2684	Unicorn-41338.exe	38
PID 2684 wrote to memory of 2088	2684	Unicorn-41338.exe	38
PID 2816 wrote to memory of 1424	2816	Unicorn-48603.exe	39
PID 2816 wrote to memory of 1424	2816	Unicorn-48603.exe	39
PID 2816 wrote to memory of 1424	2816	Unicorn-48603.exe	39
PID 2816 wrote to memory of 1424	2816	Unicorn-48603.exe	39
PID 2604 wrote to memory of 2436	2604	Unicorn-3578.exe	40
PID 2604 wrote to memory of 2436	2604	Unicorn-3578.exe	40
PID 2604 wrote to memory of 2436	2604	Unicorn-3578.exe	40
PID 2604 wrote to memory of 2436	2604	Unicorn-3578.exe	40
PID 2884 wrote to memory of 648	2884	Unicorn-19932.exe	41
PID 2884 wrote to memory of 648	2884	Unicorn-19932.exe	41
PID 2884 wrote to memory of 648	2884	Unicorn-19932.exe	41
PID 2884 wrote to memory of 648	2884	Unicorn-19932.exe	41
PID 2600 wrote to memory of 1068	2600	Unicorn-13792.exe	42
PID 2600 wrote to memory of 1068	2600	Unicorn-13792.exe	42
PID 2600 wrote to memory of 1068	2600	Unicorn-13792.exe	42
PID 2600 wrote to memory of 1068	2600	Unicorn-13792.exe	42
PID 2488 wrote to memory of 2292	2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe	43
PID 2488 wrote to memory of 2292	2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe	43
PID 2488 wrote to memory of 2292	2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe	43
PID 2488 wrote to memory of 2292	2488	2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe	43
PID 2772 wrote to memory of 2932	2772	Unicorn-28654.exe	44
PID 2772 wrote to memory of 2932	2772	Unicorn-28654.exe	44
PID 2772 wrote to memory of 2932	2772	Unicorn-28654.exe	44
PID 2772 wrote to memory of 2932	2772	Unicorn-28654.exe	44
PID 2108 wrote to memory of 808	2108	Unicorn-28266.exe	45
PID 2108 wrote to memory of 808	2108	Unicorn-28266.exe	45
PID 2108 wrote to memory of 808	2108	Unicorn-28266.exe	45
PID 2108 wrote to memory of 808	2108	Unicorn-28266.exe	45

C:\Users\Admin\AppData\Local\Temp\2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe
"C:\Users\Admin\AppData\Local\Temp\2bbffa1cc8fab875d190ce951be287781976e18e46732e8793f007193a1d08cd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41338.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41338.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48432.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6299.exe
        8⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48928.exe
        9⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
        9⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
        8⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        8⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        8⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38633.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27539.exe
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        7⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
        7⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        7⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30127.exe
        6⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        6⤵
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        6⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        6⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        6⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        6⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53071.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58629.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42312.exe
        8⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        7⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45178.exe
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        7⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        6⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61113.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        6⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        6⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        6⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        6⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
        7⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        6⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49345.exe
        6⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
        5⤵
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        6⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        5⤵
        
        PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        5⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60651.exe
        8⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26302.exe
        8⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
        7⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
        8⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39638.exe
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
        8⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25384.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        7⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35135.exe
        7⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        6⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36038.exe
        7⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        7⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4440.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29159.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        6⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30250.exe
        6⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        6⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14171.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        7⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        7⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        7⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15297.exe
        6⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21806.exe
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12445.exe
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        7⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        6⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        6⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        6⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
        5⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-485.exe
        6⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        5⤵
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22584.exe
        5⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
        5⤵
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        5⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        5⤵
        
        PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        6⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11130.exe
        5⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42008.exe
        6⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4740.exe
        6⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        6⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
        5⤵
        
        PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53019.exe
        5⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        5⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        5⤵
        
        PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14207.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46050.exe
        5⤵
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12542.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        6⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        6⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        5⤵
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25384.exe
        5⤵
        
        PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        5⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        5⤵
        
        PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
      4⤵
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        5⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        5⤵
        
        PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
      4⤵
      PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
      4⤵
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26467.exe
      4⤵
      PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
      4⤵
      PID:6160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        7⤵
        Executes dropped EXE
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        8⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11649.exe
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        8⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        8⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        8⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34264.exe
        7⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        7⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53019.exe
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        7⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        6⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37976.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        7⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        6⤵
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        6⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
        6⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        8⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        8⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        7⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50252.exe
        8⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32494.exe
        7⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50248.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
        6⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3470.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1563.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        6⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        6⤵
        
        PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
        5⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        6⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        6⤵
        
        PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        5⤵
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
        5⤵
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        5⤵
        
        PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
        6⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32496.exe
        7⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51340.exe
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        7⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
        6⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        6⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        6⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
        5⤵
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4440.exe
        5⤵
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28526.exe
        5⤵
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
        5⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        5⤵
        
        PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
        5⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61146.exe
        6⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22218.exe
        7⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
        6⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        6⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12500.exe
        5⤵
        
        PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40016.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60891.exe
        5⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62575.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
        5⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        5⤵
        
        PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
      4⤵
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50420.exe
        5⤵
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        5⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        5⤵
        
        PID:6304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26232.exe
      4⤵
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26378.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        5⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        5⤵
        
        PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23480.exe
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
      4⤵
      PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
      4⤵
      PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
      4⤵
      PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
      4⤵
      PID:5976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1369.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        6⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32366.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36241.exe
        8⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        7⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
        6⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11416.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34524.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        7⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        7⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48681.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62516.exe
        6⤵
        
        PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        6⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11649.exe
        6⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        6⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        6⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52084.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        5⤵
        
        PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14259.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
        5⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exe
        6⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        6⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
        5⤵
        
        PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        5⤵
        
        PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        5⤵
        
        PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        5⤵
        
        PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        5⤵
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        5⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
        5⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        5⤵
        
        PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
      4⤵
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        5⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        5⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        5⤵
        
        PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40016.exe
      4⤵
      PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
      4⤵
      PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62575.exe
      4⤵
      PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
      4⤵
      PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21524.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
        5⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60015.exe
        6⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20383.exe
        6⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        6⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        5⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18088.exe
        5⤵
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
        5⤵
        
        PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
      4⤵
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24077.exe
        5⤵
        
        PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
      4⤵
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
      4⤵
      PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
      4⤵
      PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
      4⤵
      PID:6232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
      4⤵
      PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
      4⤵
      PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
      4⤵
      PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
      4⤵
      PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
      4⤵
      PID:1720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
    3⤵
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
      4⤵
      PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20383.exe
      4⤵
      PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63867.exe
      4⤵
      PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
      4⤵
      PID:6456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
    3⤵
    PID:1800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8621.exe
    3⤵
    PID:4092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
    3⤵
    PID:3240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
    3⤵
    PID:6080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
    3⤵
    PID:6524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2822.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        8⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        8⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40016.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe
        7⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31849.exe
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12054.exe
        7⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        7⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
        6⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19502.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exe
        7⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        7⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        6⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
        6⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50030.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11753.exe
        6⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        6⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
        6⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31484.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46786.exe
        6⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
        6⤵
        
        PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
        5⤵
        
        PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40016.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9853.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62575.exe
        5⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
        5⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        5⤵
        
        PID:6392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14088.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
        6⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
        7⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47527.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        8⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        7⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
        7⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        7⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        7⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15297.exe
        6⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
        7⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3811.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        7⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42816.exe
        6⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50287.exe
        6⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        6⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47119.exe
        5⤵
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
        5⤵
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60211.exe
        5⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        5⤵
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9904.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        5⤵
        
        PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
        5⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        5⤵
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
      4⤵
      PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2170.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65030.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62020.exe
      4⤵
      PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24650.exe
      4⤵
      PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47806.exe
      4⤵
      PID:6516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23330.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60492.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40016.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe
        6⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        6⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        5⤵
        
        PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
        5⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
        5⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        5⤵
        
        PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        5⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        6⤵
        
        PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        5⤵
        
        PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        5⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        5⤵
        
        PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56714.exe
      4⤵
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11525.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        5⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12637.exe
        5⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
      4⤵
      PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3958.exe
      4⤵
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23348.exe
      4⤵
      PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60595.exe
      4⤵
      PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
      4⤵
      PID:6068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62229.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14472.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
        5⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
      4⤵
      PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
      4⤵
      PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
      4⤵
      PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
      4⤵
      PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
      4⤵
      PID:6256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6299.exe
      4⤵
      PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
      4⤵
      PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
      4⤵
      PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
      4⤵
      PID:6480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
    3⤵
    PID:2160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3470.exe
    3⤵
    PID:920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30152.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30152.exe
    3⤵
    PID:3308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
    3⤵
    PID:3780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
    3⤵
    PID:6092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
    3⤵
    PID:6312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24722.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        7⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
        7⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        6⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29351.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53737.exe
        6⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64485.exe
        6⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        6⤵
        
        PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37113.exe
        5⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49852.exe
        6⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        6⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4440.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32494.exe
        5⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
        5⤵
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        5⤵
        
        PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28562.exe
        5⤵
        
        PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
        5⤵
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
        5⤵
        
        PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        5⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe
        5⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        5⤵
        
        PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
      4⤵
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
        5⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        5⤵
        
        PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
      4⤵
      PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
      4⤵
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
      4⤵
      PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
      4⤵
      PID:6448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3870.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        5⤵
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        6⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9539.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        6⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        5⤵
        
        PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
      4⤵
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        5⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        5⤵
        
        PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
      4⤵
      PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
      4⤵
      PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
      4⤵
      PID:5504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18648.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
      4⤵
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42003.exe
        5⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        5⤵
        
        PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
      4⤵
      PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
      4⤵
      PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
      4⤵
      PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
      4⤵
      PID:6368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48049.exe
    3⤵
    PID:1448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37325.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
      4⤵
      PID:6632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
    3⤵
    PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe
    3⤵
    PID:4032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
    3⤵
    PID:4756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47092.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47092.exe
    3⤵
    PID:5808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
    3⤵
    PID:6440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42931.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42931.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13429.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26912.exe
        5⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32421.exe
        5⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54810.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        5⤵
        
        PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        5⤵
        
        PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34866.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42615.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        5⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24725.exe
        5⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
      4⤵
      PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
      4⤵
      PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53019.exe
      4⤵
      PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
      4⤵
      PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
      4⤵
      PID:6192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
      4⤵
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14317.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        5⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        5⤵
        
        PID:6408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
      4⤵
      PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
      4⤵
      PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
      4⤵
      PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
      4⤵
      PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
      4⤵
      PID:6424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-169.exe
    3⤵
    PID:3024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
    3⤵
    PID:3144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
    3⤵
    PID:3244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
    3⤵
    PID:2236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45178.exe
    3⤵
    PID:5940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
    3⤵
    PID:5980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3066.exe
      4⤵
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
        5⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38445.exe
        5⤵
        
        PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
      4⤵
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
      4⤵
      PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
      4⤵
      PID:984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
      4⤵
      PID:5388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
    3⤵
    PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
    3⤵
    PID:3172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
    3⤵
    PID:3436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
    3⤵
    PID:4416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13722.exe
    3⤵
    PID:5156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
    3⤵
    PID:6248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
    3⤵
    PID:3300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
    3⤵
    PID:3624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12682.exe
    3⤵
    PID:4276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe
    3⤵
    PID:5744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
    3⤵
    PID:5908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
  2⤵
  PID:1952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64542.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64542.exe
  2⤵
  PID:3196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
  2⤵
  PID:3656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
  2⤵
  PID:4216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
  2⤵
  PID:6028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
  2⤵
  PID:6500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe

Filesize
468KB

MD5
33bf99396814d9f3743dd5f547675f19

SHA1
cb527609701402f09aad136fb04a2fc4f87677be

SHA256
bde648e3086cabec0bf0be47e0d40777526515d6b1d2e936a18164d2b38000cd

SHA512
aba0475de3fa6dbeacf4721dccb1ef625191d294b5c4532de07d02949b7f0f0a091fa80003e543fc2741f4757a1453447d993e71c06affaa2140701005b6bc6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23330.exe

Filesize
468KB

MD5
8a63ed537f284977762b16b0f07959ae

SHA1
25d13217e0a6e32c6e87a1ac6417737fc3c999c0

SHA256
d1c3ead66f5e1b19aa8d88246908867677bb0bdd79c7b260e0df09409706b6f8

SHA512
2ffaae4f02db7557314a61e8aa59c2162bfda05b8cb0f7213f7aedd29f6dfc5fb887815e27a887ac606b98f89103de825d194fd9eb495a9621c366d3f4252827

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe

Filesize
468KB

MD5
9d1daee24e5db8f1c8befa285009a1cd

SHA1
7faae11a626d1f79bc9d2ad0a2cb4470e350ac77

SHA256
5c40b8a601b7c12473fbbfa8fe32289833f1a677a8b432864b35098a215cdfb2

SHA512
014a3f072d98dacd59a3086db49bdf7290911bbcd66d2895a29f04b09b48294e4fb997f55bddfbb8b690a45d46f07852f4542c6c621a4309251e0742caf1d31f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe

Filesize
468KB

MD5
0367c35e80e8bcfff2a959bd8000fea3

SHA1
6dff2378fcde35c5f661ba6d3335fb9dea73f7cb

SHA256
16beae23c00ca1153ea8910a6c0505bbd9b43479f907fb49f61b8ab64ecae805

SHA512
34062be6c9276e917c77c9363bf8c6b9b4d6007e70ca64c76dd40158b70e6bf5ee97123c6cba507bfd4935a5d6ef7c21382a1e5d54fc72c36eb4c091c5549a1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe

Filesize
468KB

MD5
becc034140b0e55353c7d69a679ef79e

SHA1
8b7f02dfb0071cf7baf69a0fef7cad73af7d03d8

SHA256
a2081d7707513f563740cc4fa7f19f08fd9e84d65843093b2652b7057a3f6828

SHA512
d262c9450530b4dc22f82a0476e31a5a7cacff943a04349bdc07be97b58d04b5ef1823298f0a5cc18d397e7651a908a59181bc07750f5f4a09137ce19a1642bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exe

Filesize
468KB

MD5
6eb19f824464343bd50fb66b5bb8e97a

SHA1
7b0908c40ecc65b9d6a118d20d668e83259e59c8

SHA256
9c114a8e29abb9926e26b1cc8313ca386e8b20f40cc0becd97561845f213e365

SHA512
bd615606fe3c408125d994331344c479639c2db700745457affb93891742f4b6323d15304f98d50ce4a28688458e50294b1d5732748447470c67adbf41f3c7c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42931.exe

Filesize
468KB

MD5
c10bfb6ba99e30b747bea2f35e9536c2

SHA1
0b5c4c58f5e1ff39a0075dd60a743b92b1bfd7ff

SHA256
f96cd148ec8e34f285f82eba1e728843f3792939293e020b120cece698f650f3

SHA512
e56b3ce9f43bfd70e3c377122b094b857ca11366fa477f1feb2f66a01e32b2f684593c9a7be5facb75b46ebf2ee65edf5a16a54d118cb99a12a203dff2fea51b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe

Filesize
468KB

MD5
9c26878a38b770a9483dfd85d1892835

SHA1
20ab531e77a18b73fddb67e54d16c34ce87bb5f9

SHA256
702ee6a820d8fd1481e34f37370a2d796619587de3ec52379a95ee1d8ab0e740

SHA512
8aa21d4010dd47eae68fee9505201fb5f9c9f757479c04c50c61aeda6602cc101d7f7c46b0b46c2eb1ddff783ed5004bf3f2ce05b2b3e8f614da0727b12af8ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50248.exe

Filesize
468KB

MD5
0103bcc5e1fa3055a6311b7f2f697fa4

SHA1
23b3d87ff8a7a964c00cd03d9c906112b7fccf83

SHA256
620aaf3b1355309e235f7abad8dd71d0171c94b5514784501c76ca93a48c4acb

SHA512
8aa55d8d0629b7ea11a2600df9659834e7bfb444d877f0764398abfdc7cd0de2685435ecb530c1a87bc5e543af2800fda63193455be765d27cd39a53a203897b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50287.exe

Filesize
468KB

MD5
c0c1a296f4a0e2ab4e46a8781dbe55d7

SHA1
d08d7e40e094630841acb24cca3b70c8bfc18b42

SHA256
28aeb61599bd4ca6edc66578a7a6960323e005fac88f121a2b8064fdc8667b4f

SHA512
54d0f053be173d875389703a113433189613e75e02668f18243f5de9ca111f5b843ad1cff8acf5142454e2156b19f014374e98ae8da09c3a5dac550f69ea931a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe

Filesize
468KB

MD5
4fc6ddb2ab495721e8f97254c559a620

SHA1
0b15318e99cb6461ce9204ccbc701671f6be851d

SHA256
7b17c0778b540157b0d33fe4ed5591d9123aa923901bab046b2f143249ceb343

SHA512
f758ab37289c2312e67591e0348ccf70d6d55ccd45493ffe8165b308df0db32e89d766800d5ead43672995fbab2031fc13b43c8fb2bd003022f3cf88d9826051

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1369.exe

Filesize
468KB

MD5
06a7170984bfbba7878cffe353d18be0

SHA1
ef551cc9e8f7217c1df2d66bbc38854ab2891722

SHA256
9deffa0c0bad9113ace6c2ab2a2a64145270fa4004aa5cf036cb5a7d580c6581

SHA512
a47e301a045c1ba3c0a5389f792ac5ab89afa70b534e49e179d06b6713553a89b666053e49a3febe343843364527292251bd1227c19f63414c34a496d0128b89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe

Filesize
468KB

MD5
2bcd05dd5ae9d5a15982f2668b739d1d

SHA1
3f70b3d32ffb05daea0386a55a5588af7ad64948

SHA256
cf9c63bc1ab2bc1da1d12608160a1ddb649ec7048e9180c29062d9ff449bdeb5

SHA512
dce012dbeba52d1b260228cb009722fa2fb95983f052302e01ce3e2713ed159e4b0cc200b657cb389768c1b515e19f65c7f79252766a266513f52a192a12dafc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21524.exe

Filesize
468KB

MD5
9be69f80d30ffd21c469cba9565b5042

SHA1
91fa73c7388bf08dd68a4e8b9619a78e88d30377

SHA256
4fce77ff6cd7655ee5ad038c85ea028bf9be85b7b02c3948f90402297f28f66f

SHA512
fc64b3314e6fd048d997c330876ec2349449ff79aadb0cc1f4f9862e443b8cb94cdfe0f80e248e1c48ddfd15993e61cf0e7ecdb7e075d566cc478c5f64eec688

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24722.exe

Filesize
468KB

MD5
bc30b541683888f42e68a3b3d3a16c96

SHA1
1b58eeb80c3088502e1734c50a1f380bc3419118

SHA256
98311dced939c5dc74d63deb502528454e6521bbf5ed99d7d176184c0cfd8056

SHA512
a73292a2dd65d331bb8da9a40ae9aa6d750fb5445b61b1bd11dc9ea4d21b5a8662038105678e9b22656ab4827278ca9e74f40af3330f42878e9f8e8401cec868

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe

Filesize
468KB

MD5
9ce132b9dc933cb58f808f12e183c6ef

SHA1
c7aeb34e5f917d2b7ebb4db1d3ae0ad7890dc6b8

SHA256
305a99a53d40d1b41e77b748e031e1a903848bf70cfc873847d450f851bfcbab

SHA512
9ab4ca11eb40965b9e07ee6c75a4ff6b91c64109c3e3bd29746298b304b42f0532b7a7bc4c48b1b161181fb40471ce164e456ceaef6c91bdbf579d519ca8cba7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe

Filesize
468KB

MD5
18086bcb00a7d81525de268c927a36d1

SHA1
f4336c665fd7d088bbefb5b6f790b3da9cdd1908

SHA256
51ac0564563972aa180604ae0e9e1bb45276e974c7609fc2529939bd5b2bc299

SHA512
fcf5fa6134ea1334065a7ed134dbd9258d23ebbb53e973e8a38cfc3fa7c8df15d451e624ab5956701e07991ccf91d30727b5d4506004774658b64ef2d5320dfd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe

Filesize
468KB

MD5
7c0e920f1a05f4efa3539b7e70113008

SHA1
8f9b289a52a4d8f0cd33bf2fd097243bc194d5c6

SHA256
754bd2f1c7c6beeecda73a7ae69313fa982940add98d720f5a0cfab43e6b89a2

SHA512
2eb106897982fa58c8e68ffe0e0ab48d4ac842dc17f9a7e86df4f83d762aa7449b522525bd8bd85240cfd18a6e28f7d4cc3c032e573e15248c9968efbe71ddd6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe

Filesize
468KB

MD5
3d41fa2f7b7aab0e9a37cea7609e1146

SHA1
1055ef1440abdb36c09319a3fefe482778a226a9

SHA256
06d1e89638857a05ec634a71ae49fd627705ed902251a53d11916dc92a1c7197

SHA512
edecabb04348c85816777286e6e1ee15e347a6875583169bef38a38302229874039234b276181d3e822abb13238c4c0a587fe8d126255882974d7b7e51e6f060

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41338.exe

Filesize
468KB

MD5
659dd516066cddc0a4264036ce37850e

SHA1
cf9e18a795fe993c4c402ccc7ac76e873acb8f91

SHA256
c111f797fda178af422a87420e2256dff06e8337b09561a3b2cbab3a4e7c7588

SHA512
fd42b6b895b13e75fdb773de26fafb4059e363e74ad635c04c9cd969147cea7014159596158167dc30ca1bb26c3628b2a858a52cd0030112d37355936ec8027a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe

Filesize
468KB

MD5
bbf221ec4ab6eba06d46db97e38797d0

SHA1
a833b1b8209c3d6cf6e4ebdf85eb9c71cd56b0da

SHA256
056bfe95b61030322d2d76bae0d57a0be18054cc1ed2a08c6970b3ebfafb5660

SHA512
298f5b4f8130099ce4537e44ff484c4900aa625b226317741aac1c3e887e7f986a87451ec816cc1e20ed3276f65c76bdc5892e68184e22c10a7c74089934f06a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe

Filesize
468KB

MD5
0a6502fa840e63c6bade7979b44a696b

SHA1
8083ea285f597c1555412ff0422dbbee25db180e

SHA256
a9285fa2706ac867eeb0106276b496d63b621fdd26da2299f42f5af4eead14bd

SHA512
3b5275416b78a766fa50c60f2a3e30bd32d912088a28243de24817f1d79a3cf962c7c230dd5ef79a16fbaa1ff91d5747d4020a8afa96ba293efd1d8f1f0e1c3e

Download Submit