5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385a

Analysis

max time kernel
116s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
06/10/2024, 09:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe
Size

468KB
MD5

f60fa2a1bd916dac7410cf6419539710
SHA1

6d675b523d879a7fe8c022924e43039891f10a84
SHA256

5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385a
SHA512

a3f38b2031628c1df59aa04cb34b92e82f9b5d454f4f9394315880e4df27b36ac9b0ae75e8193bf7e35012ee1bd0b215c801fe04fdd0cbcfbf722b86ea6da1b8
SSDEEP

3072:3GoWoEXvt05ADbYtH5Bwvf8/uCa8P0pknLHe0Vx3bP2eQDWIoklq:3GZoQ8ADOHXwvfeYl2bPdSWIo

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2500	Unicorn-10155.exe
2804	Unicorn-54369.exe
2780	Unicorn-46756.exe
2596	Unicorn-12589.exe
2744	Unicorn-4976.exe
2120	Unicorn-43216.exe
2600	Unicorn-49346.exe
2976	Unicorn-12755.exe
2100	Unicorn-25562.exe
2188	Unicorn-59718.exe
1832	Unicorn-61764.exe
2660	Unicorn-40275.exe
1224	Unicorn-62319.exe
2880	Unicorn-8479.exe
1928	Unicorn-24551.exe
996	Unicorn-56969.exe
3028	Unicorn-57524.exe
1544	Unicorn-36357.exe
1176	Unicorn-48344.exe
940	Unicorn-41785.exe
2536	Unicorn-6874.exe
1172	Unicorn-21173.exe
1664	Unicorn-5391.exe
1704	Unicorn-37509.exe
1688	Unicorn-41593.exe
1480	Unicorn-35463.exe
1616	Unicorn-53845.exe
1396	Unicorn-54400.exe
1720	Unicorn-20981.exe
976	Unicorn-16134.exe
1192	Unicorn-16163.exe
3000	Unicorn-37137.exe
2456	Unicorn-5254.exe
2484	Unicorn-5254.exe
1524	Unicorn-19544.exe
2128	Unicorn-63178.exe
2680	Unicorn-17507.exe
2776	Unicorn-53501.exe
3012	Unicorn-62431.exe
2824	Unicorn-5617.exe
2832	Unicorn-45903.exe
2564	Unicorn-56109.exe
2648	Unicorn-41362.exe
2616	Unicorn-41627.exe
264	Unicorn-45711.exe
2148	Unicorn-54434.exe
2140	Unicorn-53365.exe
2000	Unicorn-53687.exe
1924	Unicorn-33821.exe
2904	Unicorn-53687.exe
2748	Unicorn-54154.exe
2392	Unicorn-34288.exe
1388	Unicorn-23327.exe
2672	Unicorn-17760.exe
2316	Unicorn-8845.exe
2016	Unicorn-8580.exe
1740	Unicorn-25182.exe
1588	Unicorn-16052.exe
804	Unicorn-43556.exe
744	Unicorn-46075.exe
908	Unicorn-35139.exe
832	Unicorn-29539.exe
2024	Unicorn-48875.exe
2348	Unicorn-35139.exe

Loads dropped DLL 64 IoCs

pid	Process
824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe
824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe
2500	Unicorn-10155.exe
824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe
2500	Unicorn-10155.exe
824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe
2804	Unicorn-54369.exe
2804	Unicorn-54369.exe
2500	Unicorn-10155.exe
2500	Unicorn-10155.exe
2780	Unicorn-46756.exe
2780	Unicorn-46756.exe
824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe
824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe
2596	Unicorn-12589.exe
2596	Unicorn-12589.exe
2804	Unicorn-54369.exe
2804	Unicorn-54369.exe
2500	Unicorn-10155.exe
2500	Unicorn-10155.exe
2744	Unicorn-4976.exe
2744	Unicorn-4976.exe
2600	Unicorn-49346.exe
2600	Unicorn-49346.exe
2120	Unicorn-43216.exe
2780	Unicorn-46756.exe
2120	Unicorn-43216.exe
2780	Unicorn-46756.exe
824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe
824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe
2976	Unicorn-12755.exe
2976	Unicorn-12755.exe
2596	Unicorn-12589.exe
2596	Unicorn-12589.exe
2188	Unicorn-59718.exe
2188	Unicorn-59718.exe
2500	Unicorn-10155.exe
2500	Unicorn-10155.exe
2100	Unicorn-25562.exe
2100	Unicorn-25562.exe
2804	Unicorn-54369.exe
1832	Unicorn-61764.exe
2804	Unicorn-54369.exe
1832	Unicorn-61764.exe
2600	Unicorn-49346.exe
2600	Unicorn-49346.exe
1224	Unicorn-62319.exe
1224	Unicorn-62319.exe
2780	Unicorn-46756.exe
2780	Unicorn-46756.exe
2660	Unicorn-40275.exe
2660	Unicorn-40275.exe
2880	Unicorn-8479.exe
2880	Unicorn-8479.exe
2744	Unicorn-4976.exe
2744	Unicorn-4976.exe
1928	Unicorn-24551.exe
1928	Unicorn-24551.exe
824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe
824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe
996	Unicorn-56969.exe
996	Unicorn-56969.exe
2976	Unicorn-12755.exe
2976	Unicorn-12755.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1584	1480	WerFault.exe	55

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20137.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58080.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe
2500	Unicorn-10155.exe
2804	Unicorn-54369.exe
2780	Unicorn-46756.exe
2596	Unicorn-12589.exe
2744	Unicorn-4976.exe
2600	Unicorn-49346.exe
2120	Unicorn-43216.exe
2976	Unicorn-12755.exe
2188	Unicorn-59718.exe
2100	Unicorn-25562.exe
1928	Unicorn-24551.exe
1224	Unicorn-62319.exe
2660	Unicorn-40275.exe
2880	Unicorn-8479.exe
1832	Unicorn-61764.exe
996	Unicorn-56969.exe
3028	Unicorn-57524.exe
1544	Unicorn-36357.exe
1176	Unicorn-48344.exe
940	Unicorn-41785.exe
1172	Unicorn-21173.exe
2536	Unicorn-6874.exe
1664	Unicorn-5391.exe
1704	Unicorn-37509.exe
1688	Unicorn-41593.exe
1480	Unicorn-35463.exe
1616	Unicorn-53845.exe
1720	Unicorn-20981.exe
1396	Unicorn-54400.exe
976	Unicorn-16134.exe
1192	Unicorn-16163.exe
3000	Unicorn-37137.exe
2456	Unicorn-5254.exe
1524	Unicorn-19544.exe
2128	Unicorn-63178.exe
2680	Unicorn-17507.exe
3012	Unicorn-62431.exe
2776	Unicorn-53501.exe
2824	Unicorn-5617.exe
2832	Unicorn-45903.exe
2616	Unicorn-41627.exe
2564	Unicorn-56109.exe
264	Unicorn-45711.exe
2648	Unicorn-41362.exe
2148	Unicorn-54434.exe
2140	Unicorn-53365.exe
2904	Unicorn-53687.exe
1924	Unicorn-33821.exe
2000	Unicorn-53687.exe
2748	Unicorn-54154.exe
2392	Unicorn-34288.exe
2016	Unicorn-8580.exe
2672	Unicorn-17760.exe
1388	Unicorn-23327.exe
1740	Unicorn-25182.exe
2316	Unicorn-8845.exe
1588	Unicorn-16052.exe
804	Unicorn-43556.exe
2468	Unicorn-35139.exe
832	Unicorn-29539.exe
744	Unicorn-46075.exe
1140	Unicorn-48875.exe
2348	Unicorn-35139.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 824 wrote to memory of 2500	824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe	31
PID 824 wrote to memory of 2500	824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe	31
PID 824 wrote to memory of 2500	824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe	31
PID 824 wrote to memory of 2500	824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe	31
PID 2500 wrote to memory of 2804	2500	Unicorn-10155.exe	32
PID 2500 wrote to memory of 2804	2500	Unicorn-10155.exe	32
PID 2500 wrote to memory of 2804	2500	Unicorn-10155.exe	32
PID 2500 wrote to memory of 2804	2500	Unicorn-10155.exe	32
PID 824 wrote to memory of 2780	824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe	33
PID 824 wrote to memory of 2780	824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe	33
PID 824 wrote to memory of 2780	824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe	33
PID 824 wrote to memory of 2780	824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe	33
PID 2804 wrote to memory of 2596	2804	Unicorn-54369.exe	34
PID 2804 wrote to memory of 2596	2804	Unicorn-54369.exe	34
PID 2804 wrote to memory of 2596	2804	Unicorn-54369.exe	34
PID 2804 wrote to memory of 2596	2804	Unicorn-54369.exe	34
PID 2500 wrote to memory of 2744	2500	Unicorn-10155.exe	35
PID 2500 wrote to memory of 2744	2500	Unicorn-10155.exe	35
PID 2500 wrote to memory of 2744	2500	Unicorn-10155.exe	35
PID 2500 wrote to memory of 2744	2500	Unicorn-10155.exe	35
PID 2780 wrote to memory of 2600	2780	Unicorn-46756.exe	36
PID 2780 wrote to memory of 2600	2780	Unicorn-46756.exe	36
PID 2780 wrote to memory of 2600	2780	Unicorn-46756.exe	36
PID 2780 wrote to memory of 2600	2780	Unicorn-46756.exe	36
PID 824 wrote to memory of 2120	824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe	37
PID 824 wrote to memory of 2120	824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe	37
PID 824 wrote to memory of 2120	824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe	37
PID 824 wrote to memory of 2120	824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe	37
PID 2596 wrote to memory of 2976	2596	Unicorn-12589.exe	38
PID 2596 wrote to memory of 2976	2596	Unicorn-12589.exe	38
PID 2596 wrote to memory of 2976	2596	Unicorn-12589.exe	38
PID 2596 wrote to memory of 2976	2596	Unicorn-12589.exe	38
PID 2804 wrote to memory of 2100	2804	Unicorn-54369.exe	39
PID 2804 wrote to memory of 2100	2804	Unicorn-54369.exe	39
PID 2804 wrote to memory of 2100	2804	Unicorn-54369.exe	39
PID 2804 wrote to memory of 2100	2804	Unicorn-54369.exe	39
PID 2500 wrote to memory of 2188	2500	Unicorn-10155.exe	40
PID 2500 wrote to memory of 2188	2500	Unicorn-10155.exe	40
PID 2500 wrote to memory of 2188	2500	Unicorn-10155.exe	40
PID 2500 wrote to memory of 2188	2500	Unicorn-10155.exe	40
PID 2744 wrote to memory of 2660	2744	Unicorn-4976.exe	41
PID 2744 wrote to memory of 2660	2744	Unicorn-4976.exe	41
PID 2744 wrote to memory of 2660	2744	Unicorn-4976.exe	41
PID 2744 wrote to memory of 2660	2744	Unicorn-4976.exe	41
PID 2600 wrote to memory of 1832	2600	Unicorn-49346.exe	42
PID 2600 wrote to memory of 1832	2600	Unicorn-49346.exe	42
PID 2600 wrote to memory of 1832	2600	Unicorn-49346.exe	42
PID 2600 wrote to memory of 1832	2600	Unicorn-49346.exe	42
PID 2120 wrote to memory of 2880	2120	Unicorn-43216.exe	43
PID 2120 wrote to memory of 2880	2120	Unicorn-43216.exe	43
PID 2120 wrote to memory of 2880	2120	Unicorn-43216.exe	43
PID 2120 wrote to memory of 2880	2120	Unicorn-43216.exe	43
PID 2780 wrote to memory of 1224	2780	Unicorn-46756.exe	44
PID 2780 wrote to memory of 1224	2780	Unicorn-46756.exe	44
PID 2780 wrote to memory of 1224	2780	Unicorn-46756.exe	44
PID 2780 wrote to memory of 1224	2780	Unicorn-46756.exe	44
PID 824 wrote to memory of 1928	824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe	45
PID 824 wrote to memory of 1928	824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe	45
PID 824 wrote to memory of 1928	824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe	45
PID 824 wrote to memory of 1928	824	5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe	45
PID 2976 wrote to memory of 996	2976	Unicorn-12755.exe	46
PID 2976 wrote to memory of 996	2976	Unicorn-12755.exe	46
PID 2976 wrote to memory of 996	2976	Unicorn-12755.exe	46
PID 2976 wrote to memory of 996	2976	Unicorn-12755.exe	46

C:\Users\Admin\AppData\Local\Temp\5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe
"C:\Users\Admin\AppData\Local\Temp\5490873df310a3d98a2ed6b976af2503f811d5ced7df2019a9b92eb5d7d7385aN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54369.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        9⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
        9⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        9⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        9⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        9⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        8⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        8⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        8⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        9⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        9⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        8⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        8⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
        7⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
        7⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
        7⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        7⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        8⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3184.exe
        9⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        9⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
        9⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        8⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        8⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        8⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        7⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
        8⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        7⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42506.exe
        7⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        6⤵
        Executes dropped EXE
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
        7⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
        6⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13080.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26645.exe
        7⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        7⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
        7⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
        6⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38810.exe
        7⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        7⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59446.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17729.exe
        6⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        6⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        6⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57524.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        6⤵
        Executes dropped EXE
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        7⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65467.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe
        9⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
        9⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
        8⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        8⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
        8⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14341.exe
        7⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        7⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        6⤵
        Executes dropped EXE
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58758.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        8⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        7⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48905.exe
        7⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43032.exe
        6⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
        7⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26687.exe
        6⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        7⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
        7⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
        6⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20991.exe
        6⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        6⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        6⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
        7⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        7⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12156.exe
        7⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        6⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
        6⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
        5⤵
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
        5⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3785.exe
        5⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        5⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        5⤵
        
        PID:7072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19219.exe
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        9⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55777.exe
        9⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31538.exe
        9⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        8⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        8⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
        7⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20821.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21824.exe
        7⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
        7⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
        7⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe
        6⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33169.exe
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51145.exe
        7⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54873.exe
        7⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30795.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58835.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
        6⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5617.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        7⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        7⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
        7⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        6⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        6⤵
        
        PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43032.exe
        5⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26687.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20991.exe
        5⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
        5⤵
        
        PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6874.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45903.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        6⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        6⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        6⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24560.exe
        6⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        6⤵
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        5⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10615.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2224.exe
        6⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        6⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
        6⤵
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42506.exe
        5⤵
        
        PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        5⤵
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24274.exe
        6⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        6⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        6⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43028.exe
        6⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        5⤵
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        5⤵
        
        PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8098.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        5⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
        5⤵
        
        PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
      4⤵
      PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
      4⤵
      PID:6304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41593.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50013.exe
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        7⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20125.exe
        7⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
        6⤵
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        6⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe
        6⤵
        
        PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        6⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9899.exe
        8⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        8⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5208.exe
        7⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        7⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59935.exe
        6⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
        6⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        6⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25899.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        7⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
        7⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        6⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        6⤵
        
        PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
        5⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        6⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
        6⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42264.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
        5⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        5⤵
        
        PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54400.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57055.exe
        6⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53203.exe
        7⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36442.exe
        6⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        6⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28829.exe
        5⤵
        
        PID:300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        5⤵
        
        PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        5⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45591.exe
        6⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
        5⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20991.exe
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
      4⤵
      PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
      4⤵
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
      4⤵
      PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34279.exe
      4⤵
      PID:6792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        6⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63177.exe
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
        8⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        7⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        8⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        7⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        7⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52374.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49971.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        6⤵
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
        6⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        6⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21003.exe
        6⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        6⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7873.exe
        6⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
        5⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20991.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
        5⤵
        
        PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
        5⤵
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
        5⤵
        
        PID:560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
      4⤵
      PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        5⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52214.exe
        5⤵
        
        PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        5⤵
        
        PID:6204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
      4⤵
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
        5⤵
        
        PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42264.exe
      4⤵
      PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16085.exe
      4⤵
      PID:6220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        5⤵
        
        PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
      4⤵
      PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
      4⤵
      PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
      4⤵
      PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
      4⤵
      PID:6396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
      4⤵
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        5⤵
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        5⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
      4⤵
      PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
      4⤵
      PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33292.exe
      4⤵
      PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe
      4⤵
      PID:7104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18348.exe
      4⤵
      PID:1392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21544.exe
      4⤵
      PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
      4⤵
      PID:6440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
    3⤵
    PID:3228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
    3⤵
    PID:3344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
    3⤵
    PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
    3⤵
    PID:6892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61764.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21173.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        7⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
        9⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2077.exe
        9⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
        8⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8404.exe
        8⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8845.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        7⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        6⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24243.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        7⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33872.exe
        6⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        6⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
        6⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53365.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
        6⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2063.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        7⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
        7⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40557.exe
        6⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
        7⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        7⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
        7⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        6⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
        5⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49930.exe
        6⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13080.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
        7⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        7⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        7⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35207.exe
        6⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42851.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        6⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        6⤵
        
        PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21014.exe
        5⤵
        
        PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37037.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        5⤵
        
        PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5391.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53687.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
        6⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10615.exe
        7⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9634.exe
        6⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
        6⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        6⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11403.exe
        5⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        6⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        6⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
        6⤵
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39429.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        5⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        6⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
        6⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        5⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        5⤵
        
        PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
      4⤵
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
        5⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        5⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53996.exe
        5⤵
        
        PID:6956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
      4⤵
      PID:860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28827.exe
      4⤵
      PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe
      4⤵
      PID:6924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37509.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        6⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        7⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        8⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        8⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        7⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        7⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41356.exe
        6⤵
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20821.exe
        6⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21824.exe
        6⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
        6⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        6⤵
        
        PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        5⤵
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15679.exe
        6⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11345.exe
        6⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        5⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        6⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        6⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22306.exe
        6⤵
        
        PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
        5⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        5⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27177.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
        5⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22557.exe
        6⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24397.exe
        6⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52970.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        5⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        5⤵
        
        PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46073.exe
      4⤵
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        5⤵
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        5⤵
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        5⤵
        
        PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36661.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50170.exe
      4⤵
      PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20991.exe
      4⤵
      PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
      4⤵
      PID:6972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1480
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
      4⤵
      Program crash
      PID:1584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
      4⤵
      PID:568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
      4⤵
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
      4⤵
      PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
      4⤵
      PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
      4⤵
      PID:6904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
    3⤵
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61290.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16149.exe
      4⤵
      PID:6552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1486.exe
    3⤵
    PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
    3⤵
    PID:4992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
    3⤵
    PID:7040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53687.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        6⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        6⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        6⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54568.exe
        6⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        5⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        5⤵
        
        PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13365.exe
        5⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        5⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        5⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        5⤵
        
        PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
      4⤵
      PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
      4⤵
      PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
      4⤵
      PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
      4⤵
      PID:1404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56109.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
      4⤵
      PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
      4⤵
      PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1365.exe
      4⤵
      PID:6712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
    3⤵
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47279.exe
      4⤵
      PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
      4⤵
      PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
      4⤵
      PID:6984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42264.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
    3⤵
    PID:4760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
    3⤵
    PID:5072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
    3⤵
    PID:6816
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
        5⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
        6⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        7⤵
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
        5⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43713.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11403.exe
      4⤵
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        5⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
        5⤵
        
        PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
      4⤵
      PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31453.exe
      4⤵
      PID:6832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
        5⤵
        
        PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
      4⤵
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
      4⤵
      PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
      4⤵
      PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48905.exe
      4⤵
      PID:6448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43032.exe
    3⤵
    PID:876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
      4⤵
      PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
      4⤵
      PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20821.exe
      4⤵
      PID:6432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
    3⤵
    PID:3392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
    3⤵
    PID:4668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
    3⤵
    PID:6332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16134.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16134.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8845.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13365.exe
      4⤵
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59531.exe
        5⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
        5⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        5⤵
        
        PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
      4⤵
      PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
      4⤵
      PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58750.exe
      4⤵
      PID:6504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
    3⤵
    PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
    3⤵
    PID:3616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
    3⤵
    PID:4700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
    3⤵
    PID:6512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16053.exe
      4⤵
      PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
      4⤵
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
      4⤵
      PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
      4⤵
      PID:6992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32773.exe
    3⤵
    PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19219.exe
      4⤵
      PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
      4⤵
      PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65441.exe
      4⤵
      PID:6876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21911.exe
    3⤵
    PID:3744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
    3⤵
    PID:6296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
  2⤵
  PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
    3⤵
    PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
    3⤵
    PID:3972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
    3⤵
    PID:4500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
    3⤵
    PID:5416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47112.exe
    3⤵
    PID:6460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
  2⤵
  PID:2032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
    3⤵
    PID:5108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
    3⤵
    PID:5216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
    3⤵
    PID:6520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
  2⤵
  PID:3696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61098.exe
    3⤵
    PID:3304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe
    3⤵
    PID:5080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
    3⤵
    PID:6168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
  2⤵
  PID:3768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53192.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53192.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
  2⤵
  PID:7092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17729.exe

Filesize
468KB

MD5
60e7a8b01222c0973fb7abf2db06fca9

SHA1
ff9badde57552d73c6a9ab78f859688c039f2de0

SHA256
6d9abe4682a7781c8d82ffecc6891b456c203ee80e62b4db99dbf96f985187bf

SHA512
3410f6ec2be26698acae7039dd0435bd2ac5036a31712961e4c1c5db288605478d768f0368ed4a11a73e0566da7cdeb00a5529ef170761fc31a3ad9d60cb05d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24397.exe

Filesize
468KB

MD5
9178722d53d76068c2beb579ece8b66b

SHA1
156ad940ec55ae0d4e1b5011736b023e9faca48d

SHA256
48a3dff66d3146839b7fa71e0c7458a86f711e2217df799f2383213a07a87855

SHA512
ec5e25f9c992fecc51209f3bffc131ff97564d8401ee54f3fbf8037f43b35e5bd997c24b55cce3f0dff9b67c4bb21501a8b1231105446eccc390e682816ac0da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe

Filesize
468KB

MD5
d603860302578740d640ed81b5a996da

SHA1
3429886f332dbe039c6f6e29a1aa893974ed3140

SHA256
4034c6e0d7336267c1a804b256664f9b061282da30106be65899bff71c75f06a

SHA512
87cceacd7d6caa73cc41c64bbed8e0fe565b2372f1cb47bd1701cb00c226a35c05288817353166e3c3d6236f9de4c6f0bafd827233002795d4d4f7c639dffbee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe

Filesize
468KB

MD5
2383485674a6f1d4b1e334cd9da05f64

SHA1
f466baa88b3ee06b9026df73fdbe9d91bbf0dba9

SHA256
f4d7e608ab226cb309aa4cbe311034d9dabc997d1b255a0af9b53562d6be7a20

SHA512
3a8bb618be5fbf3863d50dbf1a6fac2765b36906c4b561fcd0949b1394ac963ee0cf367993e6861361ec0caca63049277ff198b258d82e44b6cb76512c17a470

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe

Filesize
468KB

MD5
59047c0e7f03407ff22990469f6c7534

SHA1
fccaafa1d0d6010846d960b7c70ca77ba5873125

SHA256
6052838d1e5ce0a928c0505b2dd251a436721ba686959fff694df416c9558b33

SHA512
37021c159499d31187ab7f1b3c658dbfdc89fe40c60353bf210f25ca57f6ca302f92afa15c377218eb1ebc4aac93043b77792698cac0528e561b4b82945e19bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57524.exe

Filesize
468KB

MD5
7974e5db7c878244c6af25c37b1bdaf4

SHA1
33ab7e7d80b0c4437137ae488d8e9b9cb2643e58

SHA256
0b685e4bc277f67ac853196cedddb39adea80e2b14b7ee93d0c51ac85b090860

SHA512
5b04fd52892f7a2ebf86f16d31ec93a4b17f211597d475bbbc0e919fb99bcdf0c403441c6e34bf8d7748dba0ab32e3259c464f085c78b4116066c81d7506a62c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe

Filesize
468KB

MD5
fc79304faecbd24df2eb03404b0fa67f

SHA1
dbdd08c3ffabc5ab912d8d8881e327a79a0136b8

SHA256
813750f09608acccc7ae069ace22ae6b63503327221504695aa83bda711f320e

SHA512
8a18a9b776c05365433ed85accda3c1e99f8f04e211bfbcd63a24aea65b0878e93cb6b3edcc9b6723393233e7eaac23017795af87b6640f45c03de78cfaca80b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61764.exe

Filesize
468KB

MD5
5c951cde740e9ff67f4636a321713b6a

SHA1
727c8a0e600cbe94921adea18ffaae88581ebc83

SHA256
cfbe6063d17834cf4d8a096557ce9ea3b0e57333c9823fc959ad94992066c952

SHA512
7e87b73a23ebc62a120f8913d01d34491de969e924d51317f6a5f7244ae18e07a2ebffce81cfd98aa11c82e5879332c6ff94be09876a87787cc8a34ae9b90cad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe

Filesize
468KB

MD5
02bd49508b82e879303f9391f2ee10f4

SHA1
7c7b9dc06c1fc82543a003b2301bac16bb1fe604

SHA256
4088f777bbcde1e0709b00e5d11ef452c33350cd5d798651f64099eabbb9692e

SHA512
6a6ce6aaffc66ae2356b20c914e39bbc345142ae9473244693f79687e3a20e0b64ca40487e551cbc91b2e793450f896d89fc81c4057c7c1d5253fd497cc3b1be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe

Filesize
468KB

MD5
00f360df4a224a2f2f8f3717256b10af

SHA1
0761afce749eadbabe66107855947b9f88c540d0

SHA256
6bf0c5cabfaa14fd0c82de82a913378c42c5d6000b86ac3f122ed28390f36da8

SHA512
2ad28f344f8bb2a485eac95db6993963e12f020ad4ca79fa739581c61f501c8bb520f7ef524f30970c8395e67c3a9f4e61f6e94941afbd1325ddd7e51c245346

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe

Filesize
468KB

MD5
c2a3f2f0e0ef450b41fa0a67c6a29943

SHA1
91e1861f67072d92a82d7ce86f8b362e7feb3ba5

SHA256
06d9567f01b4ce642a3de25f382f2d695d4d8a753327363d936a82106daf4a5a

SHA512
c1dc99af1c529f79aac13cbe5272e5248e1102b3fdab88aa6da20bab2680950ee2068a290c3262b6b95ca7c43c75c7f8805e18407a7fac0db235f6911df477b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe

Filesize
468KB

MD5
e2c97f8980c5d789bb0a2b0b254372d3

SHA1
6fb2b3d769cf21de1514f2bd008204cd9d0ac468

SHA256
1d98ed80418bec5322bd458b0193bc643e31843314f252236a147e26e3061644

SHA512
06dedb7fe3de140e563dab5e88660046e7e726a30e2c6ae66bbdbf39a0b467349c2705d341f0f007a0e730e4b66d8170a4d0b210f99091306426bd93f3566a55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe

Filesize
468KB

MD5
ddce0291d0b656d28e36eb3f93a880ee

SHA1
31a104b813cdf6c084cfb58e5b07af08540e0347

SHA256
80317595e772c58d8a8d199fb307ae910022b7b6e01f5d6fc35c201d34048826

SHA512
b425c853444242156af050f4e7a7c1a1c9cb674e20629800c366bcd9dec326f0007004ca9aca0831b94e311432786eaf411f6479da321b7bf106077cf221a6e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe

Filesize
468KB

MD5
e2d1cefb81b9d4444acb5499a15120f7

SHA1
a79f1252910573ea6f9e3f5abad145a662f7f794

SHA256
98d2d0b1f507b6bee0545dea35f5f130767b8be9a4c570058543f51a1e9d08bd

SHA512
9570d7d08744acd1a89468b47e4df3c306b93e168b07772462152c9119a46b2b69b0c07e25fb261cba4a9c479d8de325b12d597592a6d41bef7a4077122a1793

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe

Filesize
468KB

MD5
3173ff25bad52c226bf8abee1bf92633

SHA1
a59904b63d11bcc7c454b3a3f14accaeb8fd2dce

SHA256
1285414c768dfc9a13f2d9d515b76c1e13f49162d883e7345384d682255b008b

SHA512
3708655ed82e9a681dcda5776919a4dba139bb0e40240bf71239a55db9ea54ad2c516d6d2fbdbf33123e66cd1575e9e416aab6ed2fe421fcd278abbea9dc7140

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe

Filesize
468KB

MD5
ce46e7caa0f3861fc6c526aea8054b84

SHA1
6395d46219c2f839e1965404ba8c4db16a8a9beb

SHA256
285c14412c72565b2f10a35418879fd2c7f5deae0d2c033ee74aa502fc18c37a

SHA512
b04cca395c51c3a98d1505f094d9816fb282abb97fb8b56260c5533848135a7e9a3eed189b8cfaa65f052410cc9addf91b8d2449024719e16eef7d66b6ebbd46

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe

Filesize
468KB

MD5
edf968e3d70338811570c59f7900e069

SHA1
e80582799888866ba0ca5268d3cd74f419eccc0e

SHA256
ae2989ea5cc4f81427c0beb8d87adcf9146162edf1fac28d7c1608b5f4d566fe

SHA512
9d7671f7cd9efc5969ab4d17638487b5f400d313ec54ddbe4c030b4a30b43e1ca41b9cf5d8193746e6a96c6c985011e06ac80530a308c7265aec1a75240e0503

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe

Filesize
468KB

MD5
3f3ebc3efe82d9380fb57084a564c1a9

SHA1
465343652aebd4984e7fa471970b67dee98f038f

SHA256
96e0092b007ecfa921775a78ef0cb2ab8908991efa9dde93c0bbe34f59aaf455

SHA512
ec6266e177eea3082d178871ae8884fd2bab05731c4e4ed5f4102431aa390e3fd8a3762d257a9414c35b42a9e228f776be3519ee3278ab00f04416271ee7ad2a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54369.exe

Filesize
468KB

MD5
e4f1ce8831d3b2b72661748f75004517

SHA1
f0cd50531d1b9a32492bf6c6c62dc83433d60fb5

SHA256
2a9bc27679ac25d915a9dc021df0ffecc42e9e324c78c4abc94d6175a066da43

SHA512
e24c51b584662aba85d022f6089e52c28cbc49635e7068a1d3d124733f61a3840a14453bd4cb53f8081f06bcb53ce1145b24083e5a5c5c7b752d6b8048fecd07

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe

Filesize
468KB

MD5
248238256381554bfedb11054ac4ed33

SHA1
77508afb113c86b2bc828c966f32992ba3fd7adf

SHA256
a06d02d19eb6dab1a9579d2c7aea8f817fb97cc8270f3df4fe863268d9dd7ef6

SHA512
2b3583842ab518ee44637e326de25403e2aeba7d2660e577d9662fb42e184c7a8d75cae2af992eceec4b37979789fe9470a8b4893a38b4f3e834a216791d0ad4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe

Filesize
468KB

MD5
414f9ac0074c7290cf07210a8f08240e

SHA1
c5fb58b7180d5e5a03828bebce6b53a0489c4e31

SHA256
8888be698371cf544ccaa0d683cdb3dda6d0ae77bacdbdc61aa0f24762f0f2d7

SHA512
10c83f17b6a62160999ed65c0b9d0a241e613e4ac258f4241fd5af1455824e203fbe2dd6c66f9bf44d8fe46c2518c51abc7285659c6be8614b0f0397802b46be

Download Submit