53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 22:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe
Size

468KB
MD5

e09d1196ebd203771d0a6e7acbf8f840
SHA1

e8ad11fc6e7ff0519608b46e9ec5b06d203f19f6
SHA256

53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308
SHA512

da181a3780c08a177a103d3244f0fd756d08b1c01e27f3adf182eff4a29ea06774c876913071f59b25542378ca07797c81a1e2ce93240fef618df89e554983f6
SSDEEP

3072:S8X+oOh+JC8c2aYQqz8vrf8AvCm9i4pxhdHeMVplnjgbSN3EJcjsYl:S8OoN7c2oqAvrfaE0Mjgbe0Jcj

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1780	Unicorn-39677.exe
2180	Unicorn-25526.exe
2964	Unicorn-32110.exe
2280	Unicorn-46029.exe
2724	Unicorn-27454.exe
2652	Unicorn-33585.exe
2680	Unicorn-13719.exe
2668	Unicorn-53211.exe
2504	Unicorn-40143.exe
2576	Unicorn-23807.exe
264	Unicorn-47757.exe
1952	Unicorn-47757.exe
1492	Unicorn-61078.exe
1596	Unicorn-54948.exe
2732	Unicorn-35048.exe
2908	Unicorn-28790.exe
1268	Unicorn-58701.exe
1508	Unicorn-23144.exe
1464	Unicorn-47740.exe
604	Unicorn-21006.exe
1136	Unicorn-27127.exe
748	Unicorn-59900.exe
2956	Unicorn-63169.exe
2052	Unicorn-44140.exe
2440	Unicorn-10513.exe
888	Unicorn-19444.exe
1504	Unicorn-65115.exe
1912	Unicorn-30304.exe
1540	Unicorn-25209.exe
2372	Unicorn-50424.exe
2192	Unicorn-4752.exe
2640	Unicorn-
2240	Unicorn-51907.exe
1512	Unicorn-6698.exe
2492	Unicorn-6698.exe
2456	Unicorn-27851.exe
2168	Unicorn-27586.exe
2692	Unicorn-7985.exe
2624	Unicorn-7985.exe
2784	Unicorn-50409.exe
2500	Unicorn-32489.exe
2768	Unicorn-32489.exe
2748	Unicorn-64342.exe
548	Unicorn-29605.exe
3016	Unicorn-28213.exe
3052	Unicorn-5100.exe
1252	Unicorn-64222.exe
1080	Unicorn-15983.exe
1292	Unicorn-15983.exe
3004	Unicorn-60337.exe
1196	Unicorn-41041.exe
896	Unicorn-17929.exe
2132	Unicorn-19875.exe
3068	Unicorn-13744.exe
648	Unicorn-13744.exe
880	Unicorn-49210.exe
1528	Unicorn-
1792	Unicorn-
2128	Unicorn-23850.exe
1948	Unicorn-38048.exe
2416	Unicorn-63299.exe
2464	Unicorn-54939.exe
2520	Unicorn-5183.exe
2712	Unicorn-24212.exe

Loads dropped DLL 64 IoCs

pid	Process
2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe
2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe
1780	Unicorn-39677.exe
2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe
1780	Unicorn-39677.exe
2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe
2180	Unicorn-25526.exe
2180	Unicorn-25526.exe
2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe
2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe
2964	Unicorn-32110.exe
1780	Unicorn-39677.exe
1780	Unicorn-39677.exe
2964	Unicorn-32110.exe
2280	Unicorn-46029.exe
2280	Unicorn-46029.exe
2180	Unicorn-25526.exe
2180	Unicorn-25526.exe
2964	Unicorn-32110.exe
2964	Unicorn-32110.exe
2724	Unicorn-27454.exe
1780	Unicorn-39677.exe
2652	Unicorn-33585.exe
2680	Unicorn-13719.exe
2652	Unicorn-33585.exe
2724	Unicorn-27454.exe
1780	Unicorn-39677.exe
2680	Unicorn-13719.exe
2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe
2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe
2668	Unicorn-53211.exe
2668	Unicorn-53211.exe
2280	Unicorn-46029.exe
2280	Unicorn-46029.exe
2504	Unicorn-40143.exe
2504	Unicorn-40143.exe
2180	Unicorn-25526.exe
2180	Unicorn-25526.exe
2576	Unicorn-23807.exe
2576	Unicorn-23807.exe
2964	Unicorn-32110.exe
2964	Unicorn-32110.exe
264	Unicorn-47757.exe
264	Unicorn-47757.exe
2652	Unicorn-33585.exe
2652	Unicorn-33585.exe
2732	Unicorn-35048.exe
2732	Unicorn-35048.exe
2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe
2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe
1492	Unicorn-61078.exe
2724	Unicorn-27454.exe
1492	Unicorn-61078.exe
2724	Unicorn-27454.exe
2680	Unicorn-13719.exe
1780	Unicorn-39677.exe
2680	Unicorn-13719.exe
1780	Unicorn-39677.exe
2996	WerFault.exe
2996	WerFault.exe
2996	WerFault.exe
2996	WerFault.exe
2996	WerFault.exe
2996	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2996	2956	WerFault.exe	52

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26178.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59791.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1172.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe
1780	Unicorn-39677.exe
2180	Unicorn-25526.exe
2964	Unicorn-32110.exe
2280	Unicorn-46029.exe
2680	Unicorn-13719.exe
2652	Unicorn-33585.exe
2724	Unicorn-27454.exe
2668	Unicorn-53211.exe
2504	Unicorn-40143.exe
2576	Unicorn-23807.exe
1952	Unicorn-47757.exe
264	Unicorn-47757.exe
2732	Unicorn-35048.exe
1596	Unicorn-54948.exe
1492	Unicorn-61078.exe
2908	Unicorn-28790.exe
1268	Unicorn-58701.exe
1508	Unicorn-23144.exe
604	Unicorn-21006.exe
1464	Unicorn-47740.exe
1136	Unicorn-27127.exe
748	Unicorn-59900.exe
888	Unicorn-19444.exe
2052	Unicorn-44140.exe
2956	Unicorn-63169.exe
1912	Unicorn-30304.exe
2440	Unicorn-10513.exe
1504	Unicorn-65115.exe
1540	Unicorn-25209.exe
2640	Unicorn-
2168	Unicorn-27586.exe
2456	Unicorn-27851.exe
1512	Unicorn-6698.exe
2372	Unicorn-50424.exe
2192	Unicorn-4752.exe
2240	Unicorn-51907.exe
2768	Unicorn-32489.exe
2784	Unicorn-50409.exe
2492	Unicorn-6698.exe
2500	Unicorn-32489.exe
2624	Unicorn-7985.exe
2692	Unicorn-7985.exe
2748	Unicorn-64342.exe
3016	Unicorn-28213.exe
3052	Unicorn-5100.exe
1292	Unicorn-15983.exe
1252	Unicorn-64222.exe
1080	Unicorn-15983.exe
3004	Unicorn-60337.exe
1196	Unicorn-41041.exe
896	Unicorn-17929.exe
648	Unicorn-13744.exe
2132	Unicorn-19875.exe
3068	Unicorn-13744.exe
880	Unicorn-49210.exe
1528	Unicorn-
1792	Unicorn-
2128	Unicorn-23850.exe
1948	Unicorn-38048.exe
2416	Unicorn-63299.exe
2464	Unicorn-54939.exe
2520	Unicorn-5183.exe
2712	Unicorn-24212.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 1780	2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe	28
PID 2276 wrote to memory of 1780	2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe	28
PID 2276 wrote to memory of 1780	2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe	28
PID 2276 wrote to memory of 1780	2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe	28
PID 1780 wrote to memory of 2180	1780	Unicorn-39677.exe	29
PID 1780 wrote to memory of 2180	1780	Unicorn-39677.exe	29
PID 1780 wrote to memory of 2180	1780	Unicorn-39677.exe	29
PID 1780 wrote to memory of 2180	1780	Unicorn-39677.exe	29
PID 2276 wrote to memory of 2964	2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe	30
PID 2276 wrote to memory of 2964	2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe	30
PID 2276 wrote to memory of 2964	2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe	30
PID 2276 wrote to memory of 2964	2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe	30
PID 2180 wrote to memory of 2280	2180	Unicorn-25526.exe	31
PID 2180 wrote to memory of 2280	2180	Unicorn-25526.exe	31
PID 2180 wrote to memory of 2280	2180	Unicorn-25526.exe	31
PID 2180 wrote to memory of 2280	2180	Unicorn-25526.exe	31
PID 2276 wrote to memory of 2724	2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe	32
PID 2276 wrote to memory of 2724	2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe	32
PID 2276 wrote to memory of 2724	2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe	32
PID 2276 wrote to memory of 2724	2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe	32
PID 1780 wrote to memory of 2680	1780	Unicorn-39677.exe	34
PID 1780 wrote to memory of 2680	1780	Unicorn-39677.exe	34
PID 1780 wrote to memory of 2680	1780	Unicorn-39677.exe	34
PID 1780 wrote to memory of 2680	1780	Unicorn-39677.exe	34
PID 2964 wrote to memory of 2652	2964	Unicorn-32110.exe	33
PID 2964 wrote to memory of 2652	2964	Unicorn-32110.exe	33
PID 2964 wrote to memory of 2652	2964	Unicorn-32110.exe	33
PID 2964 wrote to memory of 2652	2964	Unicorn-32110.exe	33
PID 2280 wrote to memory of 2668	2280	Unicorn-46029.exe	35
PID 2280 wrote to memory of 2668	2280	Unicorn-46029.exe	35
PID 2280 wrote to memory of 2668	2280	Unicorn-46029.exe	35
PID 2280 wrote to memory of 2668	2280	Unicorn-46029.exe	35
PID 2180 wrote to memory of 2504	2180	Unicorn-25526.exe	36
PID 2180 wrote to memory of 2504	2180	Unicorn-25526.exe	36
PID 2180 wrote to memory of 2504	2180	Unicorn-25526.exe	36
PID 2180 wrote to memory of 2504	2180	Unicorn-25526.exe	36
PID 2964 wrote to memory of 2576	2964	Unicorn-32110.exe	37
PID 2964 wrote to memory of 2576	2964	Unicorn-32110.exe	37
PID 2964 wrote to memory of 2576	2964	Unicorn-32110.exe	37
PID 2964 wrote to memory of 2576	2964	Unicorn-32110.exe	37
PID 2652 wrote to memory of 264	2652	Unicorn-33585.exe	40
PID 2652 wrote to memory of 264	2652	Unicorn-33585.exe	40
PID 2652 wrote to memory of 264	2652	Unicorn-33585.exe	40
PID 2652 wrote to memory of 264	2652	Unicorn-33585.exe	40
PID 1780 wrote to memory of 1596	1780	Unicorn-39677.exe	39
PID 1780 wrote to memory of 1596	1780	Unicorn-39677.exe	39
PID 1780 wrote to memory of 1596	1780	Unicorn-39677.exe	39
PID 1780 wrote to memory of 1596	1780	Unicorn-39677.exe	39
PID 2724 wrote to memory of 1492	2724	Unicorn-27454.exe	38
PID 2724 wrote to memory of 1492	2724	Unicorn-27454.exe	38
PID 2724 wrote to memory of 1492	2724	Unicorn-27454.exe	38
PID 2724 wrote to memory of 1492	2724	Unicorn-27454.exe	38
PID 2680 wrote to memory of 1952	2680	Unicorn-13719.exe	41
PID 2680 wrote to memory of 1952	2680	Unicorn-13719.exe	41
PID 2680 wrote to memory of 1952	2680	Unicorn-13719.exe	41
PID 2680 wrote to memory of 1952	2680	Unicorn-13719.exe	41
PID 2276 wrote to memory of 2732	2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe	42
PID 2276 wrote to memory of 2732	2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe	42
PID 2276 wrote to memory of 2732	2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe	42
PID 2276 wrote to memory of 2732	2276	53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe	42
PID 2668 wrote to memory of 2908	2668	Unicorn-53211.exe	45
PID 2668 wrote to memory of 2908	2668	Unicorn-53211.exe	45
PID 2668 wrote to memory of 2908	2668	Unicorn-53211.exe	45
PID 2668 wrote to memory of 2908	2668	Unicorn-53211.exe	45

C:\Users\Admin\AppData\Local\Temp\53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe
"C:\Users\Admin\AppData\Local\Temp\53633020785b75c72f6e25e264f0184e69f36f270047384da0596f69e063f308N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39677.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39677.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25526.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46029.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        9⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        10⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        10⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        9⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        9⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        9⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        9⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        9⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        9⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        8⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        8⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        8⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        8⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        8⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        8⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        8⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        7⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-
        7⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
        7⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        7⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        7⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        6⤵
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11576.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29396.exe
        6⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
        6⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48499.exe
        7⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        8⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5753.exe
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
        8⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        7⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
        7⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        7⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
        6⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44322.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5753.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47388.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
        6⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        6⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        6⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        6⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        6⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20534.exe
        6⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1992.exe
        8⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        7⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        7⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        7⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        6⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
        7⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14436.exe
        7⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10171.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        6⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26387.exe
        6⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe
        5⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40518.exe
        6⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
        6⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17587.exe
        6⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
        5⤵
        
        PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61485.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        5⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        5⤵
        
        PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23144.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27851.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45505.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        9⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
        9⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        8⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5047.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58577.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
        8⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
        7⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        7⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54939.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
        7⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35173.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
        7⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        6⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        6⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58958.exe
        6⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7985.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe
        6⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        7⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52014.exe
        7⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        6⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
        6⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        6⤵
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18487.exe
        5⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        6⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        6⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42116.exe
        5⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58437.exe
        6⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        6⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64492.exe
        6⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10701.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47489.exe
        5⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
        5⤵
        
        PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47740.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6698.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4820.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
        7⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        6⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
        6⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47918.exe
        6⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28894.exe
        6⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13678.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
        7⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10171.exe
        6⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56039.exe
        6⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe
        6⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        5⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
        6⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe
        6⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        6⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
        6⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51649.exe
        5⤵
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42185.exe
        5⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
        5⤵
        
        PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
        5⤵
        
        PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27586.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
        5⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36782.exe
        6⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48759.exe
        6⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        5⤵
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
        5⤵
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65080.exe
      4⤵
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
        5⤵
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
        5⤵
        
        PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        5⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64763.exe
        5⤵
        
        PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
      4⤵
      PID:776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41672.exe
      4⤵
      PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
      4⤵
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
      4⤵
      PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
      4⤵
      PID:6220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7705.exe
        6⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        7⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48759.exe
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48314.exe
        7⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        6⤵
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
        6⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23034.exe
        6⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
        5⤵
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        6⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        7⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        7⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        7⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
        6⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        6⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
        6⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        6⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
        5⤵
        
        PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe
        5⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62222.exe
        5⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28875.exe
        5⤵
        
        PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16620.exe
        5⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4820.exe
        6⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49876.exe
        6⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        5⤵
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        5⤵
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        5⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
        5⤵
        
        PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13744.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exe
        5⤵
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
        6⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
        6⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62069.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
        6⤵
        
        PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
        5⤵
        
        PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
        5⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
        5⤵
        
        PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
      4⤵
      PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
        5⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        5⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        5⤵
        
        PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
      4⤵
      PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
      4⤵
      PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27412.exe
      4⤵
      PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53379.exe
      4⤵
      PID:6580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35173.exe
        6⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
        6⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        5⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5047.exe
        5⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58577.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25371.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
      4⤵
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
        5⤵
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        5⤵
        
        PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14150.exe
      4⤵
      PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41142.exe
      4⤵
      PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
      4⤵
      PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
      4⤵
      PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62124.exe
      4⤵
      PID:6616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25209.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15983.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22947.exe
        5⤵
        
        PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
        5⤵
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
        5⤵
        
        PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
      4⤵
      PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
      4⤵
      PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
        5⤵
        
        PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
      4⤵
      PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
      4⤵
      PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
      4⤵
      PID:6904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60337.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40762.exe
      4⤵
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
        5⤵
        
        PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
        5⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14873.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
      4⤵
      PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10171.exe
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51955.exe
      4⤵
      PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11319.exe
      4⤵
      PID:6832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54524.exe
      4⤵
      PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48058.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe
      4⤵
      PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50513.exe
      4⤵
      PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
      4⤵
      PID:6500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32310.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
      4⤵
      PID:6656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20141.exe
    3⤵
    PID:3136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65346.exe
    3⤵
    PID:5100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
    3⤵
    PID:6112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
    3⤵
    PID:6356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59900.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29605.exe
        6⤵
        Executes dropped EXE
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        7⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        7⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        6⤵
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        6⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        6⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        6⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28213.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        6⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
        7⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        7⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33897.exe
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
        7⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        6⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
        6⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57845.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15965.exe
        5⤵
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7788.exe
        6⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        7⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43706.exe
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57111.exe
        7⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        6⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23767.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
        6⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49693.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57233.exe
        6⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
        6⤵
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
        6⤵
        
        PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10036.exe
        5⤵
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe
        5⤵
        
        PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 200
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
      4⤵
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        5⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe
        5⤵
        
        PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
      4⤵
      PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41142.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44419.exe
      4⤵
      PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40624.exe
      4⤵
      PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27313.exe
      4⤵
      PID:6576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23807.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21006.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6698.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
        6⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64492.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
        7⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
        6⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14866.exe
        6⤵
        
        PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
        5⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2235.exe
        5⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
        5⤵
        
        PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe
        5⤵
        
        PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7985.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        5⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        6⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9837.exe
        6⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17508.exe
        6⤵
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        5⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
        5⤵
        
        PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
      4⤵
      PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
      4⤵
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10171.exe
      4⤵
      PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51955.exe
      4⤵
      PID:5552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10611.exe
        5⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        6⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38955.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
        5⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
        5⤵
        
        PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
      4⤵
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64763.exe
        5⤵
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
      4⤵
      PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
      4⤵
      PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64342.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42708.exe
      4⤵
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        5⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        5⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25371.exe
        5⤵
        
        PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
    3⤵
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
      4⤵
      PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13678.exe
      4⤵
      PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
      4⤵
      PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
      4⤵
      PID:5900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
    3⤵
    PID:2808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41672.exe
    3⤵
    PID:3172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
    3⤵
    PID:4256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
    3⤵
    PID:6296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61078.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15983.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22947.exe
        6⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7559.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        6⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        6⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        6⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        5⤵
        
        PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
        5⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        5⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
        5⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        5⤵
        
        PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
        5⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35059.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        6⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        6⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
        6⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        5⤵
        
        PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        5⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
        5⤵
        
        PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
      4⤵
      PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
      4⤵
      PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2247.exe
      4⤵
      PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60019.exe
      4⤵
      PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21817.exe
      4⤵
      PID:5240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
        5⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5753.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
        6⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
        5⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
        5⤵
        
        PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
        5⤵
        
        PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
      4⤵
      PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
      4⤵
      PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
      4⤵
      PID:6848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13744.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
      4⤵
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe
        5⤵
        
        PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33911.exe
      4⤵
      PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5047.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
      4⤵
      PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
      4⤵
      PID:6180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16376.exe
    3⤵
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
      4⤵
      PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
      4⤵
      PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29681.exe
      4⤵
      PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17508.exe
      4⤵
      PID:6448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30155.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
    3⤵
    PID:4304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27412.exe
    3⤵
    PID:5124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
    3⤵
    PID:6596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19875.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26839.exe
        5⤵
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12988.exe
        5⤵
        
        PID:292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        5⤵
        
        PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30233.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29681.exe
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1172.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
      4⤵
      PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
      4⤵
      PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
      4⤵
      PID:5936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28074.exe
      4⤵
      PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25499.exe
      4⤵
      PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
      4⤵
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11618.exe
      4⤵
      PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10789.exe
      4⤵
      PID:6896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
    3⤵
    PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
    3⤵
    PID:4016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24369.exe
    3⤵
    PID:4712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
    3⤵
    PID:5312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe
    3⤵
    PID:6276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10513.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10513.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
      4⤵
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30166.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        5⤵
        
        PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
      4⤵
      PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
      4⤵
      PID:6840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
    3⤵
    PID:1684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
    3⤵
    PID:3792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10171.exe
    3⤵
    PID:4560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
    3⤵
    PID:5292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
    3⤵
    PID:6588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
    3⤵
    PID:404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
      4⤵
      PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
      4⤵
      PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
      4⤵
      PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16390.exe
      4⤵
      PID:7008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
    3⤵
    PID:3812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
    3⤵
    PID:4464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
    3⤵
    PID:4776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
    3⤵
    PID:5912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
  2⤵
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
    3⤵
    PID:6036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
    3⤵
    PID:6636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
  2⤵
  PID:3760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15849.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15849.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
  2⤵
  PID:5320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
  2⤵
  PID:6524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe

Filesize
468KB

MD5
980990d8fa1a0132ef9dfcb8e1ee34cb

SHA1
d001597e97269394acc7f437f36a5f40ce425997

SHA256
73d24489af18d6ab8271ba2e4de8f1cbdd7a020366ff7e45de146ccfd068c874

SHA512
56d207af2558e789d225c8950236a52a08215eaa0e696280d96b7dd5fdd56e1477b396690e6e9c76c4b564714a5ebb79787d374a4f863e4d2109813a1f87316d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe

Filesize
468KB

MD5
ab2fda7749790bd1d8aab8f574e30984

SHA1
c81e6b0cf02ff045f0e360a10a875fba830d3c0c

SHA256
140010d5da39366587caf0b400c25b3adddc6b907b922dfba04381c24fb8b2d8

SHA512
db01cfdce642f30bf9c6d38a479f8cda88685db1db782cd7975d937d259b45e0e189220080d9282907ed2017e08039e21408bd5041ff2195a5741a1f1a5630ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23807.exe

Filesize
468KB

MD5
bdab57c7061d39e3b71376b67e9313a7

SHA1
c30c0995d339584480b41d341c9f5ef786e34346

SHA256
14d8dcd38e3e4eceafe5f6def8bb9b6f6253c6b09235e3b6d13d11be84743f4e

SHA512
9f2ab009f87df46f7146c47c9b7d5a3ef37bb4f2bf5e0ff0093159183d162213e8842ee73bf3344ddbd2c963ca59066e9a653bc006fdc8776f3f0fbb3f9d6abf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe

Filesize
468KB

MD5
ccdfa645172a25fd92b9e872b8fc56a6

SHA1
b7c20f308222fa1fe3c8e06617e385a98a9bd3c8

SHA256
24477411d51788f093176bc32ab36f000a5624b032c1dbebccb27ec8d0ec6101

SHA512
d168564dda824f52092cb8fb990c9c3da5761b159db4bb7c91a2c46be66f4c705b98fb0e88e9c804fef6e4e3a38063f69d0fc4fc3f0dad815c9bbf46371fd86d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe

Filesize
468KB

MD5
7f2728178225cd98ec14c9ceab763114

SHA1
b8ba6d18fd09e98cd7abad73c726e82c3bbc225b

SHA256
12000c22dd745e564c6a26e10c8c0e88c971c8d811c954ec47c55ffea7f6c310

SHA512
b24b986d8b65020b8f765cb9175adbd4d87b6f64bdc70fb52264975ce39bc8d83d39ddb03beb0af21dd31ca0c177044b828449e65898a65a8ee407aef45aef95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe

Filesize
468KB

MD5
5a7dce357f4d9a0471600ab7190f8493

SHA1
da0e99e2907cbac7db93cd2e1f8e0aa7972860e4

SHA256
892ab99e42e5d3c87e822f80d82480a46d7ca8e15f4eabfe8077ccd1dcb8f12d

SHA512
27146390072f78d95ceb3bf4f5a677c5a450d1bd03eab140aa37748a092b5553779734e32a6d8a311bd2864165caa6d9db73539af6d64923216db725977f6131

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe

Filesize
468KB

MD5
3a185e96839d226c90f74cdc99cae56d

SHA1
b581bbea41453a6d7f93068180ad6811e70bdf5c

SHA256
bc5133896e3331c0430563edc7423db9f27de2446d4b9999d86ce320e17d9a0e

SHA512
f50ee132d54293b0c10571940c6ca620fd85d83d3ecd1235618d9d9eade0c18b64fc7397bbdab4e6a855649d80913cf6f45acb7f7e8650855c951a7092938d48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe

Filesize
468KB

MD5
16f6533d7329a46afb3568b91efcc32d

SHA1
caf16b59bf19e3271b13e12c672a0d189741d9ef

SHA256
975fc68284869e5130f4a1e92de562ba0dafc799cd3904752bddda4406970cf7

SHA512
e73d0f7a6b6fccc1dc5df61d970033a22b9d0a4485a87fb3922d48006c0c1f06810984507aba0948a502c17f8c99ad46784580ebca1c1829ebfe362f65621365

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe

Filesize
468KB

MD5
b4c49e53eb3f0367f50b126acd39da7d

SHA1
a94f8f021dee9b610f890dcc64c22da5273377bb

SHA256
2fa269b7688a5c472d2c09e3309fda8866278413232d0d1690b8ab29bcb5c773

SHA512
be20d0d621f3bfeabf7f99908f4b8f7edd8cfb45cfb00dace5628c8fcae28c3fd06a1b5c696571e34a653c3e5f362e3165e270ddbe100b86efba0a4ff8cecfcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe

Filesize
468KB

MD5
07aaf1b5c28323131c4a3bbc0db1b659

SHA1
c663ebeb95dc49dd6ce93c8498421c0457f88a5f

SHA256
6d7add21439c2bbf8cb97d058188a13095390281fbbf45832a43d2ac66e7fb57

SHA512
7dc3d0d007da0e83c7b1112666ca97b08fe64f92d6f67ea7b65dd39864eb5ca0063750127e8db4d0323d40c93694ca2cf54baa7e390805206da707ae70b1f13c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61078.exe

Filesize
468KB

MD5
194fd054952ce7e5b71f1d9bb6cf7c4d

SHA1
5f16451a7de4dd29fc4e6a154ab7ba0f19dff684

SHA256
dba07be9202b7fbffa1949b3e022700e19e8d95d5e43a4215bf6236a8f13b794

SHA512
d78bc016ab596325e10a6cfad1a3bae62888ccd500f73f13d98a839123c6792a2654ee3e2fe52144d2c4c107b1cf1a33bd3a845dfdd525fdd2b4198be78d68af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23144.exe

Filesize
468KB

MD5
0cd8cba1c487eadf679ad2e9306bac97

SHA1
bbb71d675800e5ab080d9c0ea0a194c7865416c9

SHA256
31033098b1c57661721be135a6629200ac19097a414b5faafa649e91ddcaaf59

SHA512
4f06e2fe7fc89f01407d15ad72f949854f09f22ea93f6bbf8a48328a0ad4cbda2eb1d8ed855515e733160c3e35627c3e0776b63cb8e41474cf3d51d9f54a18d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25526.exe

Filesize
468KB

MD5
4d5a67eeb4d176b337b088b736fab838

SHA1
1961f4a072ee4a0c79f302d7e769f3c145f55681

SHA256
55f3919a2de0fdc6dfda348b4b348c5924755324e129a8b762ece0de8c12afa4

SHA512
70d50e44102c33c043f967dd2b983abe8bce5a0a9cf79854f64b7237ee291c3249ad7d0b42395ac735bf52801c2a6780bba37e7d5a964fba09c0f30aa9e7fd68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe

Filesize
468KB

MD5
88ac31f3a5475fb39fc69a80d32c4a52

SHA1
89a5778a1db6cd7d953895bea157e126d3ff24b2

SHA256
2434e249c7d04a1122965266e459e18a05edf32cc3096a73e5d24fca9a035f52

SHA512
327022e706b003bf118e0da19a16954fb6d5a0089c4582917e507db8f59f56c3c808daf6fa00fc466399b7e6c28f2a32f9c6c0088a01ffb3eb0c9a9ab3ea5d25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe

Filesize
468KB

MD5
7a16217d7914d96200aac182ccf9f392

SHA1
d8417da0c494c23b96508c64c4aaad22d3dfe3ea

SHA256
95e69d3148be953c22924b243670ee1513b594225536f91d6275229ac02fbec7

SHA512
6a89a0043c488325f3f398149b39eeb4bdccd351fe4a0138a32a585e8d085478fbc89493840abcd343c8a9a2bdc13c9b12a9aca35efaf08a05b0d292f5a20913

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe

Filesize
468KB

MD5
023996a064b1aa557f6890bc047c735f

SHA1
58425a5f39d31a86ab2133fcf5165bd3a62a8dd5

SHA256
633449733c3b9f2c8c1c750bf4cb539df6f30c0b36a27d7be311a29c10a22b31

SHA512
86df3f806a300cd60f14542116ae139362e930a9be6a57e629239c5c5f22421ffeaa9e6a2cc49051da4c5146c27ba550b5a1e040d5c676bbee7d54b1627d5fae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39677.exe

Filesize
468KB

MD5
7466e03315ce88c4813f944105f88276

SHA1
587c078cbdd950df4eb3ca9366197481016ccd81

SHA256
2ea33b7f8932b2c6f9175817185c510e93f7aac92da81ad5f0b7a99a4011c5b3

SHA512
7a1dac91ae48d10f1f7a624d67b1b80eac512e4036ea6e23dbde0b40e8eea7554ce7d9e6c57b890eb400ec604b06bf05e212419f0c364726bf63499bef2bb5db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe

Filesize
468KB

MD5
cd25ffbc01ecfe4697e39db719a48d3f

SHA1
9eebf9bbf87db2601a906ff4072a3213daf25865

SHA256
9a32ff1360792dbda8093c30ea8beab104d335f117165490330b3a1770dec01c

SHA512
7c2b013250dcf59f3cdf6540e44f10d38991a2913ac3221dca2b50a863e40a4faaf2cb39f6a271378a128d18908eea64a2220bb4a38f073b05e46f526f3c14cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46029.exe

Filesize
468KB

MD5
ea5fbd46caec0665e9aeaf945049adb1

SHA1
8f686629cf0c079018e9224cf5772772ab07b3dd

SHA256
28aa14832b6f4fe255cbe83097c7271c4531b83756a1df36a9062cda91ff78d4

SHA512
b16b14dc7ea8a7fffddce16aad76aee0be5f9aaaab9525dbc0120933c2446ae22478613eaef6ce39a01a1affec8f87d855ecc671712cd9af837c04e5b1c54696

Download Submit
memory/264-261-0x0000000001CE0000-0x0000000001D55000-memory.dmp

Filesize
468KB

Download
memory/264-171-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/264-262-0x0000000001CE0000-0x0000000001D55000-memory.dmp

Filesize
468KB

Download
memory/604-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/604-374-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/604-377-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/748-263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/888-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1136-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1268-352-0x0000000002990000-0x0000000002A05000-memory.dmp

Filesize
468KB

Download
memory/1268-353-0x0000000002990000-0x0000000002A05000-memory.dmp

Filesize
468KB

Download
memory/1268-211-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1464-375-0x0000000001D20000-0x0000000001D95000-memory.dmp

Filesize
468KB

Download
memory/1464-376-0x0000000001D20000-0x0000000001D95000-memory.dmp

Filesize
468KB

Download
memory/1464-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1492-306-0x0000000002880000-0x00000000028F5000-memory.dmp

Filesize
468KB

Download
memory/1492-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1492-298-0x0000000002880000-0x00000000028F5000-memory.dmp

Filesize
468KB

Download
memory/1504-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1508-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1508-398-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/1512-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1540-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1596-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1780-33-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/1780-27-0x0000000003350000-0x00000000033C5000-memory.dmp

Filesize
468KB

Download
memory/1780-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1780-164-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/1780-324-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/1780-319-0x0000000003350000-0x00000000033C5000-memory.dmp

Filesize
468KB

Download
memory/1780-161-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/1912-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2052-282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2168-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2180-231-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2180-393-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2180-49-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2180-110-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2180-37-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2180-232-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2240-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2276-76-0x0000000001DF0000-0x0000000001E65000-memory.dmp

Filesize
468KB

Download
memory/2276-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2276-163-0x0000000001DF0000-0x0000000001E65000-memory.dmp

Filesize
468KB

Download
memory/2276-294-0x0000000001DF0000-0x0000000001E65000-memory.dmp

Filesize
468KB

Download
memory/2276-295-0x0000000001DF0000-0x0000000001E65000-memory.dmp

Filesize
468KB

Download
memory/2276-71-0x0000000001DF0000-0x0000000001E65000-memory.dmp

Filesize
468KB

Download
memory/2276-11-0x0000000001DF0000-0x0000000001E65000-memory.dmp

Filesize
468KB

Download
memory/2276-162-0x0000000001DF0000-0x0000000001E65000-memory.dmp

Filesize
468KB

Download
memory/2276-6-0x0000000001DF0000-0x0000000001E65000-memory.dmp

Filesize
468KB

Download
memory/2280-209-0x0000000003470000-0x00000000034E5000-memory.dmp

Filesize
468KB

Download
memory/2280-372-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/2280-51-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2280-99-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/2280-366-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/2280-210-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/2372-351-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2440-296-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2456-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2504-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2504-395-0x0000000001D40000-0x0000000001DB5000-memory.dmp

Filesize
468KB

Download
memory/2504-223-0x0000000001D40000-0x0000000001DB5000-memory.dmp

Filesize
468KB

Download
memory/2504-225-0x0000000001D40000-0x0000000001DB5000-memory.dmp

Filesize
468KB

Download
memory/2576-241-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2576-240-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2576-394-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2576-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2640-362-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2652-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2652-274-0x0000000003420000-0x0000000003495000-memory.dmp

Filesize
468KB

Download
memory/2652-159-0x00000000028F0000-0x0000000002965000-memory.dmp

Filesize
468KB

Download
memory/2652-273-0x0000000003420000-0x0000000003495000-memory.dmp

Filesize
468KB

Download
memory/2668-347-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2668-197-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2668-350-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2668-196-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2668-100-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-318-0x0000000003200000-0x0000000003275000-memory.dmp

Filesize
468KB

Download
memory/2680-160-0x0000000003200000-0x0000000003275000-memory.dmp

Filesize
468KB

Download
memory/2724-297-0x0000000001C60000-0x0000000001CD5000-memory.dmp

Filesize
468KB

Download
memory/2724-305-0x0000000001C60000-0x0000000001CD5000-memory.dmp

Filesize
468KB

Download
memory/2724-77-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2724-165-0x0000000001C60000-0x0000000001CD5000-memory.dmp

Filesize
468KB

Download
memory/2724-158-0x0000000001C60000-0x0000000001CD5000-memory.dmp

Filesize
468KB

Download
memory/2732-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2732-280-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2732-281-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2908-358-0x0000000001CD0000-0x0000000001D45000-memory.dmp

Filesize
468KB

Download
memory/2908-198-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2908-359-0x0000000001CD0000-0x0000000001D45000-memory.dmp

Filesize
468KB

Download
memory/2956-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2964-254-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2964-138-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2964-139-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2964-38-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download