f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcd

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe
Size

468KB
MD5

9b46ad08a8e752dab89811ec600e8f70
SHA1

b2602ee174f2b7571fbc386cb232f473c9f944e0
SHA256

f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcd
SHA512

65bc751cc27e6f08998e95630d770edd9fae35badb203d10b012e6991f0560195e5be0cf3c0381f99a9c8b016a8d6619d1ae9db920fc0362702965a841d46733
SSDEEP

3072:dUCIogBRjq8U2bY9Pz3y2f8boChjyIplPmHxpTHf4t8+fJ7NrFlR:dUZoiTU2+PDy2ff0cJ4t7h7Nr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2824	Unicorn-46586.exe
2796	Unicorn-63773.exe
2880	Unicorn-39823.exe
2588	Unicorn-43483.exe
2632	Unicorn-56674.exe
580	Unicorn-11002.exe
2940	Unicorn-62241.exe
2372	Unicorn-65522.exe
2856	Unicorn-37488.exe
2820	Unicorn-9305.exe
2384	Unicorn-42724.exe
2524	Unicorn-58506.exe
1892	Unicorn-58506.exe
2468	Unicorn-56076.exe
576	Unicorn-61941.exe
1088	Unicorn-35009.exe
2188	Unicorn-30925.exe
2436	Unicorn-15335.exe
108	Unicorn-29070.exe
2084	Unicorn-29472.exe
1436	Unicorn-35262.exe
1912	Unicorn-26732.exe
2508	Unicorn-1465.exe
2412	Unicorn-2035.exe
708	Unicorn-35454.exe
2072	Unicorn-55320.exe
2516	Unicorn-38962.exe
908	Unicorn-52698.exe
1548	Unicorn-58563.exe
2780	Unicorn-58828.exe
2744	Unicorn-64147.exe
1732	Unicorn-55958.exe
592	Unicorn-18647.exe
1464	Unicorn-14562.exe
2108	Unicorn-37021.exe
448	Unicorn-42886.exe
620	Unicorn-39067.exe
2676	Unicorn-28329.exe
2112	Unicorn-28329.exe
1640	Unicorn-48195.exe
1800	Unicorn-15715.exe
1760	Unicorn-54701.exe
2192	Unicorn-32051.exe
2132	Unicorn-61002.exe
2484	Unicorn-29097.exe
1864	Unicorn-8314.exe
976	Unicorn-25205.exe
588	Unicorn-40987.exe
1288	Unicorn-40088.exe
1680	Unicorn-59954.exe
272	Unicorn-59954.exe
2440	Unicorn-59954.exe
2936	Unicorn-47629.exe
3028	Unicorn-22428.exe
1560	Unicorn-47894.exe
2104	Unicorn-41764.exe
2800	Unicorn-19114.exe
2776	Unicorn-64785.exe
2740	Unicorn-3737.exe
2840	Unicorn-34363.exe
3016	Unicorn-11143.exe
1532	Unicorn-44770.exe
2204	Unicorn-36772.exe
1376	Unicorn-40110.exe

Loads dropped DLL 64 IoCs

pid	Process
2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe
2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe
2824	Unicorn-46586.exe
2824	Unicorn-46586.exe
2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe
2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe
2796	Unicorn-63773.exe
2796	Unicorn-63773.exe
2824	Unicorn-46586.exe
2824	Unicorn-46586.exe
2880	Unicorn-39823.exe
2880	Unicorn-39823.exe
2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe
2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe
2588	Unicorn-43483.exe
2588	Unicorn-43483.exe
2796	Unicorn-63773.exe
2796	Unicorn-63773.exe
580	Unicorn-11002.exe
580	Unicorn-11002.exe
2880	Unicorn-39823.exe
2880	Unicorn-39823.exe
2632	Unicorn-56674.exe
2940	Unicorn-62241.exe
2940	Unicorn-62241.exe
2632	Unicorn-56674.exe
2824	Unicorn-46586.exe
2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe
2824	Unicorn-46586.exe
2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe
2856	Unicorn-37488.exe
2372	Unicorn-65522.exe
2856	Unicorn-37488.exe
2372	Unicorn-65522.exe
2588	Unicorn-43483.exe
2588	Unicorn-43483.exe
2796	Unicorn-63773.exe
2796	Unicorn-63773.exe
2820	Unicorn-9305.exe
2820	Unicorn-9305.exe
580	Unicorn-11002.exe
580	Unicorn-11002.exe
576	Unicorn-61941.exe
576	Unicorn-61941.exe
2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe
2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe
1892	Unicorn-58506.exe
1892	Unicorn-58506.exe
2632	Unicorn-56674.exe
2468	Unicorn-56076.exe
2632	Unicorn-56674.exe
2468	Unicorn-56076.exe
2880	Unicorn-39823.exe
2940	Unicorn-62241.exe
2880	Unicorn-39823.exe
2940	Unicorn-62241.exe
2824	Unicorn-46586.exe
2824	Unicorn-46586.exe
2384	Unicorn-42724.exe
2384	Unicorn-42724.exe
2188	Unicorn-30925.exe
2188	Unicorn-30925.exe
2856	Unicorn-37488.exe
2856	Unicorn-37488.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3052	2784	WerFault.exe	105
4508	2576	WerFault.exe	109

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50723.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe
2824	Unicorn-46586.exe
2796	Unicorn-63773.exe
2880	Unicorn-39823.exe
2588	Unicorn-43483.exe
2632	Unicorn-56674.exe
580	Unicorn-11002.exe
2940	Unicorn-62241.exe
2372	Unicorn-65522.exe
2856	Unicorn-37488.exe
2820	Unicorn-9305.exe
2524	Unicorn-58506.exe
2384	Unicorn-42724.exe
1892	Unicorn-58506.exe
576	Unicorn-61941.exe
2468	Unicorn-56076.exe
2188	Unicorn-30925.exe
2436	Unicorn-15335.exe
1088	Unicorn-35009.exe
108	Unicorn-29070.exe
2084	Unicorn-29472.exe
1436	Unicorn-35262.exe
1912	Unicorn-26732.exe
708	Unicorn-35454.exe
2412	Unicorn-2035.exe
908	Unicorn-52698.exe
2508	Unicorn-1465.exe
1548	Unicorn-58563.exe
2072	Unicorn-55320.exe
2516	Unicorn-38962.exe
2780	Unicorn-58828.exe
2744	Unicorn-64147.exe
1732	Unicorn-55958.exe
592	Unicorn-18647.exe
1464	Unicorn-14562.exe
2676	Unicorn-28329.exe
1640	Unicorn-48195.exe
448	Unicorn-42886.exe
2112	Unicorn-28329.exe
2108	Unicorn-37021.exe
620	Unicorn-39067.exe
1760	Unicorn-54701.exe
1800	Unicorn-15715.exe
2192	Unicorn-32051.exe
2132	Unicorn-61002.exe
2484	Unicorn-29097.exe
976	Unicorn-25205.exe
588	Unicorn-40987.exe
1864	Unicorn-8314.exe
1680	Unicorn-59954.exe
1288	Unicorn-40088.exe
2440	Unicorn-59954.exe
272	Unicorn-59954.exe
2936	Unicorn-47629.exe
3028	Unicorn-22428.exe
2740	Unicorn-3737.exe
1560	Unicorn-47894.exe
2104	Unicorn-41764.exe
2776	Unicorn-64785.exe
2800	Unicorn-19114.exe
2840	Unicorn-34363.exe
3016	Unicorn-11143.exe
1532	Unicorn-44770.exe
2204	Unicorn-36772.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 2824	2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe	30
PID 2704 wrote to memory of 2824	2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe	30
PID 2704 wrote to memory of 2824	2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe	30
PID 2704 wrote to memory of 2824	2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe	30
PID 2824 wrote to memory of 2796	2824	Unicorn-46586.exe	31
PID 2824 wrote to memory of 2796	2824	Unicorn-46586.exe	31
PID 2824 wrote to memory of 2796	2824	Unicorn-46586.exe	31
PID 2824 wrote to memory of 2796	2824	Unicorn-46586.exe	31
PID 2704 wrote to memory of 2880	2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe	32
PID 2704 wrote to memory of 2880	2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe	32
PID 2704 wrote to memory of 2880	2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe	32
PID 2704 wrote to memory of 2880	2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe	32
PID 2796 wrote to memory of 2588	2796	Unicorn-63773.exe	33
PID 2796 wrote to memory of 2588	2796	Unicorn-63773.exe	33
PID 2796 wrote to memory of 2588	2796	Unicorn-63773.exe	33
PID 2796 wrote to memory of 2588	2796	Unicorn-63773.exe	33
PID 2824 wrote to memory of 2632	2824	Unicorn-46586.exe	34
PID 2824 wrote to memory of 2632	2824	Unicorn-46586.exe	34
PID 2824 wrote to memory of 2632	2824	Unicorn-46586.exe	34
PID 2824 wrote to memory of 2632	2824	Unicorn-46586.exe	34
PID 2880 wrote to memory of 580	2880	Unicorn-39823.exe	35
PID 2880 wrote to memory of 580	2880	Unicorn-39823.exe	35
PID 2880 wrote to memory of 580	2880	Unicorn-39823.exe	35
PID 2880 wrote to memory of 580	2880	Unicorn-39823.exe	35
PID 2704 wrote to memory of 2940	2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe	36
PID 2704 wrote to memory of 2940	2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe	36
PID 2704 wrote to memory of 2940	2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe	36
PID 2704 wrote to memory of 2940	2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe	36
PID 2588 wrote to memory of 2372	2588	Unicorn-43483.exe	37
PID 2588 wrote to memory of 2372	2588	Unicorn-43483.exe	37
PID 2588 wrote to memory of 2372	2588	Unicorn-43483.exe	37
PID 2588 wrote to memory of 2372	2588	Unicorn-43483.exe	37
PID 2796 wrote to memory of 2856	2796	Unicorn-63773.exe	38
PID 2796 wrote to memory of 2856	2796	Unicorn-63773.exe	38
PID 2796 wrote to memory of 2856	2796	Unicorn-63773.exe	38
PID 2796 wrote to memory of 2856	2796	Unicorn-63773.exe	38
PID 580 wrote to memory of 2820	580	Unicorn-11002.exe	39
PID 580 wrote to memory of 2820	580	Unicorn-11002.exe	39
PID 580 wrote to memory of 2820	580	Unicorn-11002.exe	39
PID 580 wrote to memory of 2820	580	Unicorn-11002.exe	39
PID 2880 wrote to memory of 2384	2880	Unicorn-39823.exe	40
PID 2880 wrote to memory of 2384	2880	Unicorn-39823.exe	40
PID 2880 wrote to memory of 2384	2880	Unicorn-39823.exe	40
PID 2880 wrote to memory of 2384	2880	Unicorn-39823.exe	40
PID 2940 wrote to memory of 2524	2940	Unicorn-62241.exe	42
PID 2940 wrote to memory of 2524	2940	Unicorn-62241.exe	42
PID 2940 wrote to memory of 2524	2940	Unicorn-62241.exe	42
PID 2940 wrote to memory of 2524	2940	Unicorn-62241.exe	42
PID 2632 wrote to memory of 1892	2632	Unicorn-56674.exe	41
PID 2632 wrote to memory of 1892	2632	Unicorn-56674.exe	41
PID 2632 wrote to memory of 1892	2632	Unicorn-56674.exe	41
PID 2632 wrote to memory of 1892	2632	Unicorn-56674.exe	41
PID 2824 wrote to memory of 2468	2824	Unicorn-46586.exe	43
PID 2824 wrote to memory of 2468	2824	Unicorn-46586.exe	43
PID 2824 wrote to memory of 2468	2824	Unicorn-46586.exe	43
PID 2824 wrote to memory of 2468	2824	Unicorn-46586.exe	43
PID 2704 wrote to memory of 576	2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe	44
PID 2704 wrote to memory of 576	2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe	44
PID 2704 wrote to memory of 576	2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe	44
PID 2704 wrote to memory of 576	2704	f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe	44
PID 2372 wrote to memory of 1088	2372	Unicorn-65522.exe	46
PID 2372 wrote to memory of 1088	2372	Unicorn-65522.exe	46
PID 2372 wrote to memory of 1088	2372	Unicorn-65522.exe	46
PID 2372 wrote to memory of 1088	2372	Unicorn-65522.exe	46

C:\Users\Admin\AppData\Local\Temp\f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe
"C:\Users\Admin\AppData\Local\Temp\f4e8e8f9227b884adcd51410ec625f73dac028b4502db0b2903e4e9aed0bddcdN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63773.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48195.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
        9⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        9⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        9⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
        9⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        8⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        8⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        8⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        8⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        8⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        8⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59056.exe
        8⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53292.exe
        8⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17755.exe
        7⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
        7⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
        7⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16346.exe
        7⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28329.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17381.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        8⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        8⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        8⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        7⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        7⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
        6⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        7⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
        6⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
        6⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10110.exe
        6⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        6⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14562.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        7⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
        8⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        8⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65255.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
        7⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60738.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37643.exe
        7⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
        6⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24597.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        7⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        7⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63583.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        6⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        6⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37021.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe
        6⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
        6⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        6⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        6⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54915.exe
        5⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        6⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        6⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        6⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50145.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        5⤵
        
        PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37488.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44770.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        8⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59056.exe
        8⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        7⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
        7⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43757.exe
        7⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21782.exe
        7⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
        7⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        7⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        7⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
        6⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        7⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        7⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        6⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11011.exe
        6⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
        6⤵
        Executes dropped EXE
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        7⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        7⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
        7⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        6⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38877.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        6⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9475.exe
        5⤵
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53133.exe
        6⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        6⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        6⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3283.exe
        5⤵
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        5⤵
        
        PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29070.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18647.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        6⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        7⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        8⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        7⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
        6⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
        6⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        6⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
        6⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42164.exe
        5⤵
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
        6⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        6⤵
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63723.exe
        5⤵
        
        PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        5⤵
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        5⤵
        
        PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34194.exe
        5⤵
        
        PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        5⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
        6⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37269.exe
        6⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28598.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        5⤵
        
        PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
      4⤵
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
        5⤵
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2718.exe
        5⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        5⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
      4⤵
      PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20462.exe
      4⤵
      PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
      4⤵
      PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40987.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52985.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exe
        8⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 212
        8⤵
        Program crash
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
        7⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        7⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16086.exe
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        7⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38355.exe
        6⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
        7⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        7⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54597.exe
        6⤵
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
        6⤵
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        6⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        6⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        6⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17070.exe
        5⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
        5⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
        5⤵
        
        PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        6⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        6⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        6⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        6⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
        5⤵
        
        PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
        5⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        5⤵
        
        PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        5⤵
        
        PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        5⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        5⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        5⤵
        
        PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60844.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
      4⤵
      PID:6020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        6⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        7⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        6⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
        6⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
        5⤵
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        6⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        6⤵
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        6⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42810.exe
        5⤵
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        5⤵
        
        PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        5⤵
        
        PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe
        5⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41457.exe
        6⤵
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44627.exe
        6⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        6⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        6⤵
        
        PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49796.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34792.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        5⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        5⤵
        
        PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49050.exe
      4⤵
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28290.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16086.exe
        5⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20278.exe
        5⤵
        
        PID:6708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
      4⤵
      PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12375.exe
      4⤵
      PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
      4⤵
      PID:5748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3737.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
        5⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        6⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        6⤵
        
        PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26816.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        5⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        5⤵
        
        PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50115.exe
      4⤵
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        5⤵
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44627.exe
        5⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16086.exe
        5⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        5⤵
        
        PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
      4⤵
      PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
      4⤵
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
      4⤵
      PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41981.exe
      4⤵
      PID:6304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15141.exe
      4⤵
      PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
      4⤵
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
      4⤵
      PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
      4⤵
      PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
      4⤵
      PID:6492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51321.exe
    3⤵
    PID:324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54126.exe
    3⤵
    PID:3856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe
    3⤵
    PID:4972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
    3⤵
    PID:5988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
    3⤵
    PID:5480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11002.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29472.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39067.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        7⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16268.exe
        8⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        8⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        8⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26816.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        7⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-748.exe
        6⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45432.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        7⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2026.exe
        7⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        6⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28329.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16037.exe
        6⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32329.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        7⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        7⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        6⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        6⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9580.exe
        6⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31862.exe
        5⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        6⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31125.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
        7⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        6⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        6⤵
        
        PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        5⤵
        
        PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1843.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38055.exe
        5⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35262.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15715.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        6⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54176.exe
        7⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        7⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        7⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
        6⤵
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        6⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
        6⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45756.exe
        5⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        6⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        6⤵
        
        PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15373.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28598.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        5⤵
        
        PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57370.exe
        5⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41073.exe
        6⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        6⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        6⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
        5⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        5⤵
        
        PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16072.exe
      4⤵
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
        5⤵
        
        PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        5⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        5⤵
        
        PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
      4⤵
      PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15457.exe
      4⤵
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
      4⤵
      PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
      4⤵
      PID:5732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42724.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58828.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        6⤵
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        6⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        6⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18245.exe
        6⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        6⤵
        
        PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        5⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
        5⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        5⤵
        
        PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25205.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53753.exe
        5⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        6⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        6⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        6⤵
        
        PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        5⤵
        
        PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        5⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        5⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
      4⤵
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        5⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28290.exe
        5⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        5⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        5⤵
        
        PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
      4⤵
      PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
      4⤵
      PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12375.exe
      4⤵
      PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59428.exe
      4⤵
      PID:6320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64918.exe
        5⤵
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        5⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        5⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        5⤵
        
        PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
      4⤵
      PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
      4⤵
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
      4⤵
      PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
      4⤵
      PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
      4⤵
      PID:6452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47629.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58989.exe
      4⤵
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        5⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        5⤵
        
        PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
      4⤵
      PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
      4⤵
      PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
      4⤵
      PID:6248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
    3⤵
    PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
      4⤵
      PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
      4⤵
      PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
      4⤵
      PID:6480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
    3⤵
    PID:3416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20462.exe
    3⤵
    PID:4024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
    3⤵
    PID:4944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
    3⤵
    PID:1296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62241.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62241.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61002.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50603.exe
        5⤵
        
        PID:308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65416.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28290.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        5⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16987.exe
      4⤵
      PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
      4⤵
      PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
      4⤵
      PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-253.exe
      4⤵
      PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe
      4⤵
      PID:6296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38962.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65255.exe
        5⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43672.exe
        5⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
        5⤵
        
        PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
      4⤵
      PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
      4⤵
      PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
      4⤵
      PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
      4⤵
      PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
      4⤵
      PID:6524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34363.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
      4⤵
      PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57248.exe
      4⤵
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28290.exe
      4⤵
      PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
      4⤵
      PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
      4⤵
      PID:5688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22277.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
    3⤵
    PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
    3⤵
    PID:5044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
    3⤵
    PID:6028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11011.exe
    3⤵
    PID:6168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61941.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61941.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26732.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe
        5⤵
        
        PID:2784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        6⤵
        Program crash
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26816.exe
        5⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        5⤵
        
        PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        5⤵
        
        PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61708.exe
      4⤵
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        5⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
        5⤵
        
        PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
      4⤵
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
      4⤵
      PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
      4⤵
      PID:5336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe
      4⤵
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        5⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
      4⤵
      PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
      4⤵
      PID:6404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16569.exe
    3⤵
    PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
      4⤵
      PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
      4⤵
      PID:6532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
    3⤵
    PID:3324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe
    3⤵
    PID:3732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
    3⤵
    PID:4464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
    3⤵
    PID:5860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1465.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1465.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37692.exe
      4⤵
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49708.exe
        5⤵
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        5⤵
        
        PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
      4⤵
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
      4⤵
      PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
      4⤵
      PID:5660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
    3⤵
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
      4⤵
      PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
      4⤵
      PID:6396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
    3⤵
    PID:3344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28598.exe
    3⤵
    PID:4292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
    3⤵
    PID:4456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22428.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22428.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
    3⤵
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65224.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28290.exe
      4⤵
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16086.exe
      4⤵
      PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
      4⤵
      PID:6596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57248.exe
    3⤵
    PID:3980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28290.exe
    3⤵
    PID:5116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16086.exe
    3⤵
    PID:5404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
    3⤵
    PID:6460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
  2⤵
  PID:2996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
    3⤵
    PID:3636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
    3⤵
    PID:4172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
    3⤵
    PID:1428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33420.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33420.exe
  2⤵
  PID:3568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59133.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59133.exe
  2⤵
  PID:3576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6775.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6775.exe
  2⤵
  PID:2968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
  2⤵
  PID:5740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11002.exe

Filesize
468KB

MD5
123a8753f73516334593d45451c47236

SHA1
013255e60e6b68f95c26ccde2b244050730b685e

SHA256
9ff6c38a8af2bd3f17fb1c5f3b80bb2cc0a111a8bfefc4424408f90729a4202a

SHA512
85b284c9dda8819c34bea47aee69f02fa642877d6acd9cf6a6e17f72c3305f9ec93d722f179fa3c0aa87de208acff29be4e2270b711f0233a6b141b9ac925531

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe

Filesize
468KB

MD5
0eabc60e635227c8ad458831092a7c70

SHA1
57c20dbf19abcb977c64deef70d876f59408e0ac

SHA256
9192a7f1f62baa6f9d0bf55762f6665bd3f98967974e29a4f0339436e1e432f7

SHA512
bb109ed640b93c13c2b63ca0d344a93cd472bdaf7dcb71c49664f0a927da46a2f2afbbd19932fde192a0f7f361d200c8c50d5d52843b1f74e4c261ae7685aa05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe

Filesize
468KB

MD5
55766f9f22dbe0fc360857ebb37cc4a6

SHA1
f65fa06ba653f2f418a0a6e2808dd408b36119b8

SHA256
708d0220ff8f65c92ed3bc1f7acd25fdd223860193d8ba91b2f9745b8b7100dc

SHA512
e48fec8c315943e85bec98dbe13323bd12df52b2e5a36a163aeb55d6b6de15a7f8d9abc4bf3e55d6a8f7a0f21e0b31a955c0f16b42aca31d1057a48f8ac7b02f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42724.exe

Filesize
468KB

MD5
c6515a5253652cef74ecd309786989ba

SHA1
c6ce8557b97d1cc3d7445e7cfc46d0ce2a1bf8c4

SHA256
2adcfe0eda706cce27121e58823a6ef21e1b62888b8c532d3b9c5b771b2195e4

SHA512
260a7ad71d393fdd679ae2f0de86c85a9a9c30c41525f60510492dda1fe626dd3adf94165edda89f49d4ae9510fd664e4db0a9f0685012a6eefe48cd2e29ac5e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe

Filesize
468KB

MD5
0ab112f714ee86cf60e4d7bbdd68a0ed

SHA1
ac439e69a1cd26bb0a403b47c4595feeaab87ec3

SHA256
1dfa542acc6c462d9d94031d8459c0e94456c665b9f0b2d1927483cc5d334d31

SHA512
405a88626d5c0184f3545702cf1ed46ae957e263796bbc3edf18ad2c2f319157740018217c9e2bb8abd3a9ac32bdae7041adcb3d82ed9ebd579571956d2510ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe

Filesize
468KB

MD5
1d24611fce707171da8cf70d5eb8b33b

SHA1
5ff9ab03ab12d05af81621a2e2a594cabbe461a6

SHA256
02638494879d5cb90502d87f90fb84853dd664ffee2cb8404b4b91c16265f5e1

SHA512
52a44d8229a986f7e61c329f73fd98deac48b26595b9e59b30543341b4e504a21f80b006b92c47cd257a289a125e759aa6befa3414804e5507b7b1f3751b70ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37488.exe

Filesize
468KB

MD5
a540fc1c5e1f25890daee6cdfb99d50b

SHA1
1ef038a0f1581706b83c3d63fe1b0f68a78712e8

SHA256
f5e71a85b7c24a4135f6686777df23ba1cad06f4e1a9304ec5a7f6ea03c14538

SHA512
c39ed1d409852721a6a368fe648261a03b3913bb7467b48bb8251459e1ac86944a230d5352006802af5b78f1e41f94f0a7db7ff068c282266a9e80c3417a1f2f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe

Filesize
468KB

MD5
5632109360f53086713fc5b19e0b5399

SHA1
dc69eb16210861182281db6630c6c4dcfe7890c0

SHA256
65027b985ee89a8a23175a90708dcfe442cac240659b9c51224a7c21754beeee

SHA512
9e02727d83a82e465648e95db88d528d6b0b9b76a7593d1694471b3303942f8bd8721606f5afe8c918cd61d03e17096bbe20cd86e732ae612f2164b165b7cc35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe

Filesize
468KB

MD5
69bbcccece16808c8ef2a28eb69802f0

SHA1
b83919818104e8900cdfb13c33914e31b72592cd

SHA256
9ad4c1ebf6e0ca7e4ec4f2b39a2b7dd1717161dc53a863ad9fd2aebc60f2d6fb

SHA512
fb2d61de80c32d30762b08cca4ff356300854fd41a586becfbd06b8c19116b5aa4c285d85374b474067bc1d769bc0bd63bcf7e88c1b57c01b83178420049aa81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe

Filesize
468KB

MD5
558fe681666c57737e5168350442bd9e

SHA1
440ca0f27435290bb156a3891da61a4a7c1adeb1

SHA256
0573f990a9bc947abe5ba03f6ae32dd29991c221622031ba5c7b0d0269a41be9

SHA512
c9ac5f68db6aa7c377108125507ecd6f2b31c9c7a30c7f9fd1a601d5a0051c40ae675dfa2dadbb230e836054755eac72f0187dc55d3e28756a05f75d903e1d1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe

Filesize
468KB

MD5
a42683cc6d70ff4487b5c9272597bd89

SHA1
366bf4ba29d7d237eeac47ec9aeb1be24337d980

SHA256
b83e26611ae12d8e97bb98e7453d1b988d2b9244109c7ceb9c309c314594fcdf

SHA512
93762cc9b74bd40f19ad8f3674f2f4922f8d479adc2272cdee551caa6d196ae39c3cbf74ec6399bead81129c3b018054eebc03b611019affe7e2a635cd8b6027

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe

Filesize
468KB

MD5
2c2fe708dde5a10047e50a89e702e48b

SHA1
e7c0c907da85f615a449a13213fc5fe6e32ee11c

SHA256
fdfe8745a832cb79bf0a278ef65fef17a5dddbd4351113202c0e28f91f0902b6

SHA512
2181de2ade76a9e969329f169afaed846a6b1382bc2947f6f4b1b29cbaee39562c5305345f14c24b4134eb7ed750116a0e06831205b9d3dc17a77ff0daff365b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe

Filesize
468KB

MD5
28f725bbd4a149d43bdcee9b3c3f6278

SHA1
cc386a213a0cdf2959f79fa2994152d81785a414

SHA256
391dafec682a12419c86dfad83bc0e8638820688c744b8d013cdb2331dd26657

SHA512
ff07189a3ac45d7a2f3b4b5b46dca2658c36461ee78270e981b202bc0e4fecaf96e86f9eb3e7b442ad2e5dfb114eaa79c43330937ec6568170eaa5557f2334ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61941.exe

Filesize
468KB

MD5
f8636e85d2d03b655d22907bba2a5831

SHA1
1e258fc1ad9e8f7c1bf687abcbd62b4b5a2b25f9

SHA256
51dd8db47ca8a2dca0ab427019352f3783a4aba17110bbe3c703e2b3decf5cbd

SHA512
79c96c151826d18167d6924d33f11a34ee7c68efb73ca53b2e7f364612589d1f6e8890432e186ef7439c2af8bedd20f78f81a2bf6582c300b27e3b7c14091952

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62241.exe

Filesize
468KB

MD5
6a0f76ea1d558c6259bd7e64a892f8fb

SHA1
4c88119bea7618e72e1e5f3a2558d939195489f2

SHA256
88cf3357b3182304571368d9041482c3bcd77e81b40f5c92bc0b6094474b3069

SHA512
43f9c6cac454a5a857c100792d091cf67c7b72153d63ab31780ef779968eac16c4767cb91a50db31d8c6a852e77e48252a8fb444db77c5959dcfd18df655c4a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63773.exe

Filesize
468KB

MD5
781686d05b36e234cf0cdbf1ffaf0bab

SHA1
18dfc2ed785af430279549539237589df554e685

SHA256
d6f4f5c4a0f8fe7c875ff2121e725c39b1b146b713bb86c55d88a3c2391a678e

SHA512
996b81a9e2c0bf7b7fc55d3552a1edaa3f05902652e3fc5404310bae9ac764943d735700e9eb4c31d868ab82218b6fc148f6d023358aa1158b334e4adf820d35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe

Filesize
468KB

MD5
8285828db5fa0bfd88618f9d180cec07

SHA1
91d2ec840a45870079d4a5f4ca0af313a5876306

SHA256
780764f0b57aa406913968a83f48a03075d579e1a2115049f9d7416c1395b269

SHA512
52dddd38d4d860394849bfe4b20ac36d4bc940b93c909970778c3d234e618f21d20fcdee362cbc743667832605f33e9db5b310fefe9647cad409f095cd6d3b26

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe

Filesize
468KB

MD5
23deddadf1988353e606a760a89d37d5

SHA1
a736457432ffb613b607b2189bdc35cd7d3e60e0

SHA256
8e4467228daa995a71c11a730a895d6c1f4d91e9947dbe090be342a851b595f7

SHA512
26d17534afc84f03c0dfa215f0cf0f494d853f705c7ee8b54e5c4028473c81f8bf917649deda8cfa806dbe083fd9f7efe9e96ad131cb7496a8c7389ad0afe29b

Download Submit
memory/108-373-0x0000000001EB0000-0x0000000001F25000-memory.dmp

Filesize
468KB

Download
memory/108-226-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/108-377-0x0000000001EB0000-0x0000000001F25000-memory.dmp

Filesize
468KB

Download
memory/448-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/576-257-0x0000000002680000-0x00000000026F5000-memory.dmp

Filesize
468KB

Download
memory/576-258-0x0000000002680000-0x00000000026F5000-memory.dmp

Filesize
468KB

Download
memory/576-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/580-114-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/580-246-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/580-120-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/580-70-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/580-247-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/592-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/620-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/708-290-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/908-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1088-201-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1436-249-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1464-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1548-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1732-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1892-273-0x0000000001E30000-0x0000000001EA5000-memory.dmp

Filesize
468KB

Download
memory/1912-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2072-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2084-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2108-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2188-350-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2188-205-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2372-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2372-199-0x0000000002760000-0x00000000027D5000-memory.dmp

Filesize
468KB

Download
memory/2372-204-0x0000000002560000-0x00000000025D5000-memory.dmp

Filesize
468KB

Download
memory/2384-322-0x0000000002D90000-0x0000000002E05000-memory.dmp

Filesize
468KB

Download
memory/2384-323-0x0000000002D90000-0x0000000002E05000-memory.dmp

Filesize
468KB

Download
memory/2384-134-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2412-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2436-218-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2436-378-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2436-379-0x0000000001DA0000-0x0000000001E15000-memory.dmp

Filesize
468KB

Download
memory/2468-288-0x0000000000370000-0x00000000003E5000-memory.dmp

Filesize
468KB

Download
memory/2468-289-0x0000000000370000-0x00000000003E5000-memory.dmp

Filesize
468KB

Download
memory/2468-168-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2508-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2516-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2524-144-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2588-216-0x0000000002370000-0x00000000023E5000-memory.dmp

Filesize
468KB

Download
memory/2588-217-0x0000000002370000-0x00000000023E5000-memory.dmp

Filesize
468KB

Download
memory/2588-395-0x0000000002370000-0x00000000023E5000-memory.dmp

Filesize
468KB

Download
memory/2588-394-0x0000000002370000-0x00000000023E5000-memory.dmp

Filesize
468KB

Download
memory/2632-64-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2632-147-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2632-286-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2632-287-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2704-262-0x00000000024D0000-0x0000000002545000-memory.dmp

Filesize
468KB

Download
memory/2704-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2704-5-0x00000000024D0000-0x0000000002545000-memory.dmp

Filesize
468KB

Download
memory/2704-268-0x00000000024D0000-0x0000000002545000-memory.dmp

Filesize
468KB

Download
memory/2704-405-0x00000000024D0000-0x0000000002545000-memory.dmp

Filesize
468KB

Download
memory/2704-74-0x00000000024D0000-0x0000000002545000-memory.dmp

Filesize
468KB

Download
memory/2704-169-0x00000000024D0000-0x0000000002545000-memory.dmp

Filesize
468KB

Download
memory/2704-347-0x00000000024D0000-0x0000000002545000-memory.dmp

Filesize
468KB

Download
memory/2704-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2704-156-0x00000000024D0000-0x0000000002545000-memory.dmp

Filesize
468KB

Download
memory/2744-351-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2780-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2796-225-0x0000000002720000-0x0000000002795000-memory.dmp

Filesize
468KB

Download
memory/2796-26-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2796-220-0x0000000002720000-0x0000000002795000-memory.dmp

Filesize
468KB

Download
memory/2796-43-0x0000000002720000-0x0000000002795000-memory.dmp

Filesize
468KB

Download
memory/2796-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2796-392-0x0000000002720000-0x0000000002795000-memory.dmp

Filesize
468KB

Download
memory/2820-228-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2820-233-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2824-400-0x0000000002960000-0x00000000029D5000-memory.dmp

Filesize
468KB

Download
memory/2824-393-0x0000000003A90000-0x0000000003B05000-memory.dmp

Filesize
468KB

Download
memory/2824-22-0x0000000003A90000-0x0000000003B05000-memory.dmp

Filesize
468KB

Download
memory/2824-24-0x0000000002960000-0x00000000029D5000-memory.dmp

Filesize
468KB

Download
memory/2824-60-0x0000000002960000-0x00000000029D5000-memory.dmp

Filesize
468KB

Download
memory/2824-319-0x0000000002960000-0x00000000029D5000-memory.dmp

Filesize
468KB

Download
memory/2824-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2824-153-0x0000000002960000-0x00000000029D5000-memory.dmp

Filesize
468KB

Download
memory/2824-320-0x0000000002960000-0x00000000029D5000-memory.dmp

Filesize
468KB

Download
memory/2824-166-0x0000000002960000-0x00000000029D5000-memory.dmp

Filesize
468KB

Download
memory/2856-105-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-357-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2856-197-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2856-200-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2880-315-0x0000000002390000-0x0000000002405000-memory.dmp

Filesize
468KB

Download
memory/2880-35-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2880-132-0x0000000002390000-0x0000000002405000-memory.dmp

Filesize
468KB

Download
memory/2880-310-0x0000000002390000-0x0000000002405000-memory.dmp

Filesize
468KB

Download
memory/2880-131-0x0000000002390000-0x0000000002405000-memory.dmp

Filesize
468KB

Download
memory/2940-142-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/2940-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2940-311-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/2940-140-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/2940-316-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download