06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54ac

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-10-2024 07:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe
Size

468KB
MD5

e034af725064e12cef34c893e89f4df0
SHA1

24ac68073a3a958382e01718d1aef2af7ce08e0a
SHA256

06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54ac
SHA512

41de0547086bb2e708a23048bf1977264561c8c30546ff5c6f30c25dfe1a65b3142e28cb590ccb42486f63c030ea21f93260b2a10425d61646cc08a2ebfb3ae8
SSDEEP

3072:yu0mogkEIY5AtbY9zfjTff8w/Chir6pO/EHCYV/WvWdL3ATuJRUH:yuNotYAtSzrTfflyS5vWZQTuJ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
824	Unicorn-8249.exe
2212	Unicorn-31488.exe
2216	Unicorn-60823.exe
2900	Unicorn-58343.exe
2804	Unicorn-42199.exe
2652	Unicorn-22333.exe
2796	Unicorn-11564.exe
576	Unicorn-4897.exe
3000	Unicorn-50761.exe
1280	Unicorn-43826.exe
2852	Unicorn-15984.exe
1528	Unicorn-35850.exe
1524	Unicorn-29719.exe
664	Unicorn-35850.exe
1444	Unicorn-43753.exe
2576	Unicorn-52736.exe
3004	Unicorn-1926.exe
2716	Unicorn-62632.exe
856	Unicorn-40358.exe
1140	Unicorn-1864.exe
3008	Unicorn-34656.exe
964	Unicorn-34921.exe
2224	Unicorn-50495.exe
696	Unicorn-53696.exe
1020	Unicorn-8024.exe
1184	Unicorn-40697.exe
1680	Unicorn-20831.exe
1688	Unicorn-2086.exe
2424	Unicorn-37359.exe
2172	Unicorn-50183.exe
2064	Unicorn-46846.exe
1048	Unicorn-42207.exe
2296	Unicorn-11380.exe
2880	Unicorn-58735.exe
304	Unicorn-25871.exe
2400	Unicorn-25606.exe
2112	Unicorn-21189.exe
2268	Unicorn-57967.exe
2436	Unicorn-39170.exe
2660	Unicorn-14474.exe
2544	Unicorn-34340.exe
2800	Unicorn-24370.exe
2848	Unicorn-16202.exe
2584	Unicorn-11947.exe
2988	Unicorn-16586.exe
2588	Unicorn-36452.exe
1560	Unicorn-46850.exe
1640	Unicorn-28476.exe
1620	Unicorn-18002.exe
1816	Unicorn-51636.exe
1588	Unicorn-51636.exe
2964	Unicorn-29361.exe
2020	Unicorn-26561.exe
1924	Unicorn-3011.exe
396	Unicorn-3011.exe
496	Unicorn-3011.exe
2108	Unicorn-16010.exe
2472	Unicorn-41387.exe
2188	Unicorn-35522.exe
764	Unicorn-40365.exe
2004	Unicorn-62601.exe
2420	Unicorn-17122.exe
1008	Unicorn-28968.exe
888	Unicorn-48834.exe

Loads dropped DLL 64 IoCs

pid	Process
2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe
2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe
824	Unicorn-8249.exe
2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe
824	Unicorn-8249.exe
2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe
2212	Unicorn-31488.exe
2212	Unicorn-31488.exe
824	Unicorn-8249.exe
824	Unicorn-8249.exe
2216	Unicorn-60823.exe
2216	Unicorn-60823.exe
2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe
2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe
2804	Unicorn-42199.exe
2804	Unicorn-42199.exe
2216	Unicorn-60823.exe
2216	Unicorn-60823.exe
2900	Unicorn-58343.exe
2900	Unicorn-58343.exe
2212	Unicorn-31488.exe
2212	Unicorn-31488.exe
824	Unicorn-8249.exe
2796	Unicorn-11564.exe
2652	Unicorn-22333.exe
824	Unicorn-8249.exe
2796	Unicorn-11564.exe
2652	Unicorn-22333.exe
2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe
2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe
576	Unicorn-4897.exe
576	Unicorn-4897.exe
2804	Unicorn-42199.exe
2804	Unicorn-42199.exe
3000	Unicorn-50761.exe
3000	Unicorn-50761.exe
2216	Unicorn-60823.exe
2216	Unicorn-60823.exe
1524	Unicorn-29719.exe
1524	Unicorn-29719.exe
824	Unicorn-8249.exe
1444	Unicorn-43753.exe
824	Unicorn-8249.exe
1444	Unicorn-43753.exe
2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe
2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe
2652	Unicorn-22333.exe
664	Unicorn-35850.exe
2652	Unicorn-22333.exe
664	Unicorn-35850.exe
2796	Unicorn-11564.exe
1280	Unicorn-43826.exe
1280	Unicorn-43826.exe
2796	Unicorn-11564.exe
2212	Unicorn-31488.exe
2212	Unicorn-31488.exe
2900	Unicorn-58343.exe
2900	Unicorn-58343.exe
2576	Unicorn-52736.exe
2576	Unicorn-52736.exe
576	Unicorn-4897.exe
576	Unicorn-4897.exe
3004	Unicorn-1926.exe
3004	Unicorn-1926.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
872	2188	WerFault.exe	89

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31488.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe
824	Unicorn-8249.exe
2212	Unicorn-31488.exe
2216	Unicorn-60823.exe
2804	Unicorn-42199.exe
2652	Unicorn-22333.exe
2900	Unicorn-58343.exe
2796	Unicorn-11564.exe
576	Unicorn-4897.exe
3000	Unicorn-50761.exe
1280	Unicorn-43826.exe
664	Unicorn-35850.exe
2852	Unicorn-15984.exe
1524	Unicorn-29719.exe
1528	Unicorn-35850.exe
1444	Unicorn-43753.exe
2576	Unicorn-52736.exe
3004	Unicorn-1926.exe
2716	Unicorn-62632.exe
856	Unicorn-40358.exe
1140	Unicorn-1864.exe
964	Unicorn-34921.exe
3008	Unicorn-34656.exe
1020	Unicorn-8024.exe
696	Unicorn-53696.exe
1680	Unicorn-20831.exe
1184	Unicorn-40697.exe
2224	Unicorn-50495.exe
1688	Unicorn-2086.exe
2424	Unicorn-37359.exe
2172	Unicorn-50183.exe
2064	Unicorn-46846.exe
1048	Unicorn-42207.exe
2296	Unicorn-11380.exe
2880	Unicorn-58735.exe
2400	Unicorn-25606.exe
304	Unicorn-25871.exe
2112	Unicorn-21189.exe
2268	Unicorn-57967.exe
2436	Unicorn-39170.exe
2660	Unicorn-14474.exe
2544	Unicorn-34340.exe
2800	Unicorn-24370.exe
2848	Unicorn-16202.exe
2584	Unicorn-11947.exe
2988	Unicorn-16586.exe
2588	Unicorn-36452.exe
1620	Unicorn-18002.exe
1640	Unicorn-28476.exe
1560	Unicorn-46850.exe
1816	Unicorn-51636.exe
1588	Unicorn-51636.exe
2964	Unicorn-29361.exe
496	Unicorn-3011.exe
1924	Unicorn-3011.exe
396	Unicorn-3011.exe
2020	Unicorn-26561.exe
2108	Unicorn-16010.exe
2472	Unicorn-41387.exe
2188	Unicorn-35522.exe
764	Unicorn-40365.exe
2004	Unicorn-62601.exe
2420	Unicorn-17122.exe
1008	Unicorn-28968.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 824	2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe	31
PID 2512 wrote to memory of 824	2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe	31
PID 2512 wrote to memory of 824	2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe	31
PID 2512 wrote to memory of 824	2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe	31
PID 824 wrote to memory of 2212	824	Unicorn-8249.exe	32
PID 824 wrote to memory of 2212	824	Unicorn-8249.exe	32
PID 824 wrote to memory of 2212	824	Unicorn-8249.exe	32
PID 824 wrote to memory of 2212	824	Unicorn-8249.exe	32
PID 2512 wrote to memory of 2216	2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe	33
PID 2512 wrote to memory of 2216	2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe	33
PID 2512 wrote to memory of 2216	2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe	33
PID 2512 wrote to memory of 2216	2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe	33
PID 2212 wrote to memory of 2900	2212	Unicorn-31488.exe	34
PID 2212 wrote to memory of 2900	2212	Unicorn-31488.exe	34
PID 2212 wrote to memory of 2900	2212	Unicorn-31488.exe	34
PID 2212 wrote to memory of 2900	2212	Unicorn-31488.exe	34
PID 824 wrote to memory of 2652	824	Unicorn-8249.exe	35
PID 824 wrote to memory of 2652	824	Unicorn-8249.exe	35
PID 824 wrote to memory of 2652	824	Unicorn-8249.exe	35
PID 824 wrote to memory of 2652	824	Unicorn-8249.exe	35
PID 2216 wrote to memory of 2804	2216	Unicorn-60823.exe	36
PID 2216 wrote to memory of 2804	2216	Unicorn-60823.exe	36
PID 2216 wrote to memory of 2804	2216	Unicorn-60823.exe	36
PID 2216 wrote to memory of 2804	2216	Unicorn-60823.exe	36
PID 2512 wrote to memory of 2796	2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe	37
PID 2512 wrote to memory of 2796	2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe	37
PID 2512 wrote to memory of 2796	2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe	37
PID 2512 wrote to memory of 2796	2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe	37
PID 2804 wrote to memory of 576	2804	Unicorn-42199.exe	38
PID 2804 wrote to memory of 576	2804	Unicorn-42199.exe	38
PID 2804 wrote to memory of 576	2804	Unicorn-42199.exe	38
PID 2804 wrote to memory of 576	2804	Unicorn-42199.exe	38
PID 2216 wrote to memory of 3000	2216	Unicorn-60823.exe	39
PID 2216 wrote to memory of 3000	2216	Unicorn-60823.exe	39
PID 2216 wrote to memory of 3000	2216	Unicorn-60823.exe	39
PID 2216 wrote to memory of 3000	2216	Unicorn-60823.exe	39
PID 2900 wrote to memory of 1280	2900	Unicorn-58343.exe	40
PID 2900 wrote to memory of 1280	2900	Unicorn-58343.exe	40
PID 2900 wrote to memory of 1280	2900	Unicorn-58343.exe	40
PID 2900 wrote to memory of 1280	2900	Unicorn-58343.exe	40
PID 2212 wrote to memory of 2852	2212	Unicorn-31488.exe	41
PID 2212 wrote to memory of 2852	2212	Unicorn-31488.exe	41
PID 2212 wrote to memory of 2852	2212	Unicorn-31488.exe	41
PID 2212 wrote to memory of 2852	2212	Unicorn-31488.exe	41
PID 824 wrote to memory of 1524	824	Unicorn-8249.exe	42
PID 824 wrote to memory of 1524	824	Unicorn-8249.exe	42
PID 824 wrote to memory of 1524	824	Unicorn-8249.exe	42
PID 824 wrote to memory of 1524	824	Unicorn-8249.exe	42
PID 2796 wrote to memory of 664	2796	Unicorn-11564.exe	43
PID 2796 wrote to memory of 664	2796	Unicorn-11564.exe	43
PID 2796 wrote to memory of 664	2796	Unicorn-11564.exe	43
PID 2796 wrote to memory of 664	2796	Unicorn-11564.exe	43
PID 2652 wrote to memory of 1528	2652	Unicorn-22333.exe	44
PID 2652 wrote to memory of 1528	2652	Unicorn-22333.exe	44
PID 2652 wrote to memory of 1528	2652	Unicorn-22333.exe	44
PID 2652 wrote to memory of 1528	2652	Unicorn-22333.exe	44
PID 2512 wrote to memory of 1444	2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe	45
PID 2512 wrote to memory of 1444	2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe	45
PID 2512 wrote to memory of 1444	2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe	45
PID 2512 wrote to memory of 1444	2512	06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe	45
PID 576 wrote to memory of 2576	576	Unicorn-4897.exe	46
PID 576 wrote to memory of 2576	576	Unicorn-4897.exe	46
PID 576 wrote to memory of 2576	576	Unicorn-4897.exe	46
PID 576 wrote to memory of 2576	576	Unicorn-4897.exe	46

C:\Users\Admin\AppData\Local\Temp\06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe
"C:\Users\Admin\AppData\Local\Temp\06a9e401776a16ffac7d54ecab176183f556a19acc96139de0d98b25f7ad54acN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58343.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3011.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24958.exe
        8⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        9⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        9⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        8⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
        8⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        8⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44589.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58552.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        8⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
        8⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        7⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        7⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        7⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
        7⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16010.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
        7⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1183.exe
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        7⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64655.exe
        6⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
        7⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        7⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        7⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        7⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26420.exe
        6⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe
        6⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
        6⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37205.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
        8⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        8⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29983.exe
        7⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        7⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe
        7⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47835.exe
        7⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
        7⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe
        6⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        6⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41832.exe
        6⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        6⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
        6⤵
        Program crash
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4983.exe
        5⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        6⤵
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        6⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2955.exe
        6⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
        5⤵
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
        5⤵
        
        PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15984.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24370.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        6⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        7⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        7⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2955.exe
        7⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10071.exe
        6⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51659.exe
        6⤵
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        5⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29983.exe
        6⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
        6⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        6⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
        5⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25460.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26095.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        5⤵
        
        PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3011.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        6⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13588.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21278.exe
        7⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        6⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        6⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        6⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        5⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22784.exe
        6⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39288.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63668.exe
        6⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        6⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        6⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7333.exe
        5⤵
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
        5⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        5⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        5⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        5⤵
        
        PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41387.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37205.exe
        5⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
        5⤵
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4494.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1183.exe
        5⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        5⤵
        
        PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
      4⤵
      PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
      4⤵
      PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27714.exe
      4⤵
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
      4⤵
      PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
      4⤵
      PID:6112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35850.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        6⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13588.exe
        7⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51389.exe
        7⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64655.exe
        5⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26814.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        6⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        6⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        6⤵
        
        PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34588.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62307.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        5⤵
        
        PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53696.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36452.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
        6⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62114.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4494.exe
        6⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        6⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
        5⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        5⤵
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        5⤵
        
        PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        5⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        5⤵
        
        PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        5⤵
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
        5⤵
        
        PID:372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1183.exe
        5⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        5⤵
        
        PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
      4⤵
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
        5⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        5⤵
        
        PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7512.exe
      4⤵
      PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10648.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42746.exe
      4⤵
      PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
      4⤵
      PID:5908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1864.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57967.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7111.exe
        6⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17162.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
        7⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        6⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36237.exe
        6⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10071.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51659.exe
        6⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3774.exe
        5⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
        6⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29476.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        5⤵
        
        PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        5⤵
        
        PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        5⤵
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        6⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        6⤵
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        6⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        6⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        6⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        5⤵
        
        PID:688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35393.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        5⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        5⤵
        
        PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
      4⤵
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39120.exe
        5⤵
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39288.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42273.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        5⤵
        
        PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63551.exe
      4⤵
      PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
      4⤵
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
      4⤵
      PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
      4⤵
      PID:5580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7085.exe
        6⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
        7⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29205.exe
        6⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        6⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exe
        5⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11478.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        6⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        6⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
        5⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20539.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        5⤵
        
        PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28833.exe
      4⤵
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
        5⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
        5⤵
        
        PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
      4⤵
      PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
      4⤵
      PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
      4⤵
      PID:5840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57251.exe
      4⤵
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        5⤵
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30669.exe
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54488.exe
        5⤵
        
        PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
      4⤵
      PID:844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
      4⤵
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
      4⤵
      PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe
      4⤵
      PID:4256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13249.exe
    3⤵
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
      4⤵
      PID:448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
      4⤵
      PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
      4⤵
      PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
      4⤵
      PID:6236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49791.exe
    3⤵
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20604.exe
    3⤵
    PID:3472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32439.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32439.exe
    3⤵
    PID:4836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17984.exe
    3⤵
    PID:6688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4897.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50183.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        8⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53503.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51159.exe
        7⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3996.exe
        7⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41832.exe
        7⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
        7⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22501.exe
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61575.exe
        7⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6631.exe
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
        7⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20846.exe
        6⤵
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        6⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46846.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48834.exe
        6⤵
        Executes dropped EXE
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22501.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        7⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        6⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        6⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        6⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34727.exe
        5⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
        6⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        6⤵
        
        PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42207.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17122.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        7⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54488.exe
        7⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        6⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28068.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28968.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63996.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        6⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
        6⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
        5⤵
        
        PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1406.exe
        5⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
        5⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        5⤵
        
        PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11380.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49026.exe
        5⤵
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        6⤵
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        6⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30331.exe
        6⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        6⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        5⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36237.exe
        5⤵
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
        5⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
        5⤵
        
        PID:288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48953.exe
      4⤵
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        5⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2955.exe
        5⤵
        
        PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
      4⤵
      PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16901.exe
      4⤵
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
      4⤵
      PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
      4⤵
      PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
      4⤵
      PID:6632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62632.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25871.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        7⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
        7⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2107.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        6⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        6⤵
        
        PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        5⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17609.exe
        6⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
        6⤵
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50728.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
        5⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        5⤵
        
        PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8050.exe
        5⤵
        
        PID:988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        6⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        6⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
        6⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41832.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48048.exe
        5⤵
        
        PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
      4⤵
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
        5⤵
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        5⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        5⤵
        
        PID:6220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
      4⤵
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
      4⤵
      PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
      4⤵
      PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
      4⤵
      PID:6640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58735.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48699.exe
        5⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        6⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        6⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
        5⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38093.exe
        5⤵
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21278.exe
        5⤵
        
        PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
      4⤵
      PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
      4⤵
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
      4⤵
      PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
      4⤵
      PID:6652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25606.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
      4⤵
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
      4⤵
      PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
      4⤵
      PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
      4⤵
      PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
      4⤵
      PID:6104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34039.exe
    3⤵
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50215.exe
      4⤵
      PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27602.exe
      4⤵
      PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
      4⤵
      PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
      4⤵
      PID:5652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
    3⤵
    PID:1272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
    3⤵
    PID:4040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45942.exe
    3⤵
    PID:4920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37167.exe
    3⤵
    PID:5252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
    3⤵
    PID:6712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35850.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42010.exe
        6⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4453.exe
        8⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
        8⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        7⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36014.exe
        7⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        6⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        6⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
        6⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
        6⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
        5⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
        5⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        5⤵
        
        PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23640.exe
        5⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50374.exe
        6⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25360.exe
        6⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        6⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        5⤵
        
        PID:852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe
        5⤵
        
        PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64655.exe
      4⤵
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        5⤵
        
        PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
      4⤵
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19570.exe
      4⤵
      PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11954.exe
      4⤵
      PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
      4⤵
      PID:6440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4724.exe
        5⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29983.exe
        5⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        5⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        5⤵
        
        PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
      4⤵
      PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe
      4⤵
      PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
      4⤵
      PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
      4⤵
      PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
      4⤵
      PID:6068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
      4⤵
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19067.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
        5⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
        5⤵
        
        PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
      4⤵
      PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17135.exe
      4⤵
      PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
      4⤵
      PID:5716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14490.exe
    3⤵
    PID:1752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32592.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32592.exe
    3⤵
    PID:4056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
    3⤵
    PID:4276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
    3⤵
    PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
    3⤵
    PID:5596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        5⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        6⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        6⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        6⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        6⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        5⤵
        
        PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36237.exe
        5⤵
        
        PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
        5⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
        5⤵
        
        PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
      4⤵
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        5⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3996.exe
        5⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1183.exe
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        5⤵
        
        PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
      4⤵
      PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58438.exe
      4⤵
      PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1406.exe
      4⤵
      PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29287.exe
      4⤵
      PID:5712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16202.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16202.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14490.exe
      4⤵
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        5⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        5⤵
        
        PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
      4⤵
      PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
      4⤵
      PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
      4⤵
      PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
      4⤵
      PID:5572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
    3⤵
    PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1256.exe
      4⤵
      PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
      4⤵
      PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
      4⤵
      PID:6408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
    3⤵
    PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25330.exe
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
      4⤵
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
      4⤵
      PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8733.exe
    3⤵
    PID:3848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
    3⤵
    PID:1092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
    3⤵
    PID:5856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50495.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50495.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
      4⤵
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2168.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62654.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43057.exe
      4⤵
      PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
      4⤵
      PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
    3⤵
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
      4⤵
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
      4⤵
      PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
      4⤵
      PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
      4⤵
      PID:5816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
    3⤵
    PID:4268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58410.exe
    3⤵
    PID:5800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
    3⤵
    PID:2984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18002.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18002.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65030.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
      4⤵
      PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44820.exe
      4⤵
      PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54189.exe
      4⤵
      PID:6512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
    3⤵
    PID:3700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22370.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
    3⤵
    PID:4840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
  2⤵
  PID:2860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59357.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59357.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
    3⤵
    PID:6368
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38535.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38535.exe
  2⤵
  PID:3668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33909.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33909.exe
  2⤵
  PID:3304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23100.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23100.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4816
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
  2⤵
  PID:5656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe

Filesize
468KB

MD5
264e1a7664d6b7d03fcbe2a40051af38

SHA1
8b4ae0e22dc136bec46c0f7a8a1247ca936f70dd

SHA256
67ab02a8f4e319cee2794f80ff5d6e030fb5df9c637dc7796b196cbed50b6301

SHA512
d85302e9eac5e87ae95fa7af6dd8b1cfc38ffc4fb0bfe508e71ff1bde9cfc8b36811a7f1add94f55d8584d4f01048bcac2036d72ad1f3c4b7b789a48656e2845

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15984.exe

Filesize
468KB

MD5
f8b92f20b462dea4fe6fffc50aba24b6

SHA1
67319a887dee7660bb320d3f50cd5b5b82f942d5

SHA256
68c0921e786c65059fbdec5bfd9eb5dcf55141f81bf36a5fe613443c1abde2ae

SHA512
529183417fbfaba1542d818adb00c3f49b8804eac90052032573b630c1a3e3bd539afb112ae3242b895d68b1a6bb84c12c8e9b166ea2b4809fce4c560320b146

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe

Filesize
468KB

MD5
6b39c7e07f692c1d7b66ae7d0c0df286

SHA1
9d1d8a8339f827f9e650d3a212a903511651e2c6

SHA256
b32fd5ef1834bbf28b46f77da37f3542e9fe3daf0b02138d50fc84ba370ff5ba

SHA512
a9a93c8c209003510b6bf9f1bde14f202c8e2bac30d147831cb7656815469ee905d2b67fa97225c5e137b80b0a775cf08a64473309ee5ebf257377173f6b2d85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe

Filesize
468KB

MD5
f009db6d4a02e18fa0986693adff9281

SHA1
229cbc265706f64bf74c0ef2708c13421a067c00

SHA256
99e90c293c4e060e45e72db9c3e38a8e5759ef459a6b7bef62de42b17cf4b8be

SHA512
31cf784cf750ffe8f45e81e6e589ad54491f222564307a687e15e0fc1afa621faa89cb626511ec1a5a3adf379fa14652c295b6bb36604dbd692ef9814acd8638

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe

Filesize
468KB

MD5
fa5c33dc19c9247511013a8961182ec9

SHA1
9ba09b1021cc4613893a4aae9ad1adf91d8a1f22

SHA256
66cc8fa2f418ceb2ade90fb64c1e0e248220454713bd93f31237d1eb381f5fcc

SHA512
fdccc18e2029a6ef0f5d081d45d3357386a7ee38df830f4c45b7c66adc0776b6cabe205f49c34ee6c4f738096fdd24951336eb2ac09fe5970dce1808bec2ca31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4897.exe

Filesize
468KB

MD5
d53acca5484423cc9208f5f314600412

SHA1
ef96180c3a5dff40239310130ae066967bdfecfc

SHA256
a937e7cf977fed22b9d2878bdeebfb71f41f58e70f876708aead3a6f9c333eee

SHA512
52b4b2887d40a224f384bf1bfc1f7c75a2a4b369e9989f2b34c2e789aa1f36806e6049126e6294e8ced80e991006275eae244c6ca2f40417a18733b599a4853c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe

Filesize
468KB

MD5
56b2c79e4e55652380c9251b72d97a4f

SHA1
1a3d101a7c9a10a1687f65bf853886dd1d3052f5

SHA256
f3cc3f44eb6ae50c07de83a1a3dfdf3e8a0be416fa621b84ad9803dd12dae36b

SHA512
8b72a5253062ab295a2599e5e0ae82285400c9045554835156941a9d5dd22825ea21d293ec2868a216e0629cc4ca550afcb3d3c96c6906f14cfba62df046ea5d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe

Filesize
468KB

MD5
0b4e9949126ba791b71aa4cbd9dd2070

SHA1
ebc23d6d91e93af1e62dc7da860f46e92cf61099

SHA256
aaabb7c67083e2f05efc052daa0d6c2fd2a23ce5c9c53756c02b387845baa73c

SHA512
c2dde06f2a29605d792801ce61ea366078278c49fa749559357a8759377f14f6eb2fe3172a3132c707a7d0aa8e796dd4ec8f8a91b732f8af975f71a4d5428d0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe

Filesize
468KB

MD5
bf3bc597d7f9a4b6ab7ba2f98c8c486d

SHA1
12e1537ca388052540fd1aef77a6198db987f7d1

SHA256
75bfb422c1c0907ea2409857a9b32f20c590152ffa6b02e065dbe7efe4ec513a

SHA512
4bd1028014606d4e6f6c832395fe20964ccdae81bfbf98f41f4e2b9085e7449ad82fc3568ead5f8c8dc78f424821ba91d3add79668ba0b1a5b74e63bb35a4072

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe

Filesize
468KB

MD5
6af8817aca21b55b7e7d42a55dccfb53

SHA1
0748657ceed809a00839782d19e646a748a83975

SHA256
444d41c616149c7880c387aedfb9455e4932e6a76b49ad70341789d27de9c052

SHA512
c3fe89e36cab91f116f2ec211213c425ae237b0455b790e008a4cabca4faae7d96e35d4c86dc2070376fc15f99afadd3687733f235a6aadfaecc12d58ccdffdd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe

Filesize
468KB

MD5
640ac3abf8e2dcfb2cc296238e76e087

SHA1
ebac54d96698a97205a35cdbfb64bff0cdd6190b

SHA256
7bce3ed16e351adb6b4c381066c0de77fd2da76348ae1401413cd904477f62fc

SHA512
7b9cd545b0874b21ba001e9c2b43a568c2d918501793b43eed5d09c49d1de59bc16b9be2dcfd7218afb6996e1809e64ad926161f80ac06b5c90738c0df06f473

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35850.exe

Filesize
468KB

MD5
3f8138b163ad815788d81065741c1c43

SHA1
a606d5ee436ebdc0e74aa1944d67180674874e30

SHA256
ce5e3e4db7af76dffd279b698b3dd16d283d71ef495a461016aa2a86808e327d

SHA512
661f4a9b376dcd47a0e3d8f780adca9b47152e34552068701899a46f9ebc21fd6aeff32713a7f98a7c82842b51daa3373a0dbff85cb801d804a642bc29923991

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe

Filesize
468KB

MD5
8e3281cd357d4f13cf739dde90fe1f8c

SHA1
9c009f16d86cf63b57e85ad3a53bac8d36c5b15d

SHA256
9e827e0eb8ee7f7c8878b765ab93c7c50603c663f620dc8984cdabaa73f2ee36

SHA512
ad370132fc4474c5dd2e4273c71e7e0f9032b8fffd8688c5e1ce8d8777a54bbfedbecffd72dc8cafcfc68322067948465feab0a455d857239e753ecbde7c2657

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe

Filesize
468KB

MD5
6d4651afae6f811b1bc75b1f68ad2f6e

SHA1
3226e4e1322c6c43ca853fd57ad76cba32f5238d

SHA256
0df4954cd8df107ef76b1761014c73838331ee69d8b966fc199928338794d7df

SHA512
7c94a5eabab01b88e2c171c48194435b98685dc27f7af0d09b7e408149d2236e9423de22e555853cbe9b29edfc726742ad89c31faa1c7fec3d0554166b888d41

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe

Filesize
468KB

MD5
8a2f879e9f0b9a80ca8ac56b1421f788

SHA1
0072219119fb0476267576ba36b929e04863bbfb

SHA256
62cd7136c16d7232f5f7b274bd6dcb7cda9461c9d0d3ceee43b97274f5453f66

SHA512
8a64e2cb6717b0f2fdadfa5676caf9cde2c7e256ec2fb083472092a3eb72dc4e0d7b56ff2be0e9e640577e4cf5c3f00b49a2698242a5cdb8a0f0a87b77132200

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58343.exe

Filesize
468KB

MD5
239c4fa1868993bc258fb4d379954e30

SHA1
1bfa39e36d134735bdc35d593d89cee3ba998d2c

SHA256
15dc91ad25ad8c1354b20ae6db3d1b7ddd176c5b7923722790033744fab6f23f

SHA512
c60717e756e7dd4956e8bd741009e77a391717ca27f175069d1014c6cf7f104e882cb2b0b131069bbd534b009ea586a4c24b84e6f76e70bb4605081c938ff339

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe

Filesize
468KB

MD5
f069a7cadf102d391eb262197a7640b2

SHA1
7045b91a21d6290e431c0efbeebc11d71128b2a6

SHA256
aa2fcadd885267f2c180af843d491c0fc02f11948eacd4fe6ed195a6e0517984

SHA512
bd5945c95433bded0fab8b854ba99f944fb5e508ef7ce7d22f07698ee163f349a2aba633f04c1aaa2a3fc6c13b8bba7d8def62b0f6240050f5acb36d3fa162cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62632.exe

Filesize
468KB

MD5
5c8234e409b79b1a2e38ab2ab87bad53

SHA1
7c7044a5bd75c09415206395cd712683acf94c99

SHA256
2a1a94224dc26b890b9f92a7c38cda321f04efb0cde6b341fed45bff77c80cba

SHA512
340eb86bdc450c47f79281cb5a4bc16c09a3a684917804e8d0f612dcd350e9161ac7c44a22b745b5edc763dfb25957947570872765fe04375d8c0c605e52d62f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe

Filesize
468KB

MD5
612fe5052e03328c39d39986fcd84aa1

SHA1
d0e7c2c98b8695c6e5579c1da897f56b64cbc6ed

SHA256
4badbafdfcf0544a8ef4db0b0ba601f5578a720ab65b2a25c28e9414a0c7e80f

SHA512
035843a9d13c73594378066f76a2c8c8424d3e42dec2997df1714a92cd5ce3ef29c8078544195c82165e005555a33043570e64d5db1168af541e4de19d20adc0

Download Submit