d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6d

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe
Size

468KB
MD5

f6b1319a682aa2ce0ce5ada3cd22a4f0
SHA1

fd8b6a81397d273565a45f5891c386ec0f37aafe
SHA256

d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6d
SHA512

ac885a835492bb9979a293bda8868a305393b3a8aac27b64967c7809ef3a9109473da25267cdeb0b5d66af53ccfd151edce461e60c61c75ae816998d0ec9cdbf
SSDEEP

3072:4belogxaIU57tbYtPzcfmbfD/nHDnsIH/QmyeQVqAv5Ykzi3uxulj:4b4oCc7t+P4fmbf0a1wv5B+3ux

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2256	Unicorn-31058.exe
2576	Unicorn-39169.exe
2916	Unicorn-63351.exe
2888	Unicorn-42925.exe
2832	Unicorn-49055.exe
2764	Unicorn-45142.exe
2908	Unicorn-41131.exe
1732	Unicorn-24338.exe
2872	Unicorn-44146.exe
1944	Unicorn-37824.exe
1520	Unicorn-7368.exe
2160	Unicorn-59906.exe
2984	Unicorn-24414.exe
2944	Unicorn-56053.exe
2196	Unicorn-59390.exe
1168	Unicorn-6468.exe
1856	Unicorn-35571.exe
2584	Unicorn-6084.exe
664	Unicorn-875.exe
1332	Unicorn-25950.exe
1604	Unicorn-25950.exe
1812	Unicorn-2249.exe
672	Unicorn-28672.exe
1660	Unicorn-59167.exe
2468	Unicorn-46209.exe
1156	Unicorn-65519.exe
1396	Unicorn-9996.exe
1500	Unicorn-29810.exe
2548	Unicorn-49292.exe
1652	Unicorn-45763.exe
2532	Unicorn-51788.exe
1564	Unicorn-29129.exe
1716	Unicorn-35260.exe
2344	Unicorn-36137.exe
2408	Unicorn-36137.exe
2452	Unicorn-27206.exe
3032	Unicorn-61418.exe
2404	Unicorn-1746.exe
592	Unicorn-2011.exe
2716	Unicorn-64896.exe
2960	Unicorn-50636.exe
2612	Unicorn-51705.exe
2916	Unicorn-12783.exe
2464	Unicorn-38249.exe
1908	Unicorn-50672.exe
1616	Unicorn-1663.exe
2784	Unicorn-26952.exe
2828	Unicorn-26568.exe
340	Unicorn-20437.exe
2868	Unicorn-6702.exe
892	Unicorn-58856.exe
2152	Unicorn-38798.exe
2472	Unicorn-42328.exe
2176	Unicorn-58015.exe
2148	Unicorn-58280.exe
2572	Unicorn-54838.exe
968	Unicorn-45701.exe
1688	Unicorn-55523.exe
1196	Unicorn-28597.exe
2704	Unicorn-19682.exe
2804	Unicorn-65353.exe
1916	Unicorn-3345.exe
2516	Unicorn-34985.exe
1492	Unicorn-15384.exe

Loads dropped DLL 64 IoCs

pid	Process
2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe
2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe
2256	Unicorn-31058.exe
2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe
2256	Unicorn-31058.exe
2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe
2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe
2576	Unicorn-39169.exe
2576	Unicorn-39169.exe
2256	Unicorn-31058.exe
2256	Unicorn-31058.exe
2876	WerFault.exe
2888	Unicorn-42925.exe
2888	Unicorn-42925.exe
2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe
2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe
2764	Unicorn-45142.exe
2764	Unicorn-45142.exe
2256	Unicorn-31058.exe
2256	Unicorn-31058.exe
2576	Unicorn-39169.exe
2576	Unicorn-39169.exe
2832	Unicorn-49055.exe
2832	Unicorn-49055.exe
2908	Unicorn-41131.exe
2908	Unicorn-41131.exe
2888	Unicorn-42925.exe
2888	Unicorn-42925.exe
2160	Unicorn-59906.exe
2160	Unicorn-59906.exe
2832	Unicorn-49055.exe
2832	Unicorn-49055.exe
1732	Unicorn-24338.exe
1732	Unicorn-24338.exe
2764	Unicorn-45142.exe
2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe
2764	Unicorn-45142.exe
2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe
1944	Unicorn-37824.exe
1520	Unicorn-7368.exe
1520	Unicorn-7368.exe
1944	Unicorn-37824.exe
2256	Unicorn-31058.exe
2256	Unicorn-31058.exe
2576	Unicorn-39169.exe
2576	Unicorn-39169.exe
2984	Unicorn-24414.exe
2984	Unicorn-24414.exe
2908	Unicorn-41131.exe
2908	Unicorn-41131.exe
2944	Unicorn-56053.exe
2944	Unicorn-56053.exe
2888	Unicorn-42925.exe
2888	Unicorn-42925.exe
2872	Unicorn-44146.exe
2872	Unicorn-44146.exe
2196	Unicorn-59390.exe
2196	Unicorn-59390.exe
2160	Unicorn-59906.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2876	2916	WerFault.exe	32

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44137.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36137.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27206.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe
2256	Unicorn-31058.exe
2916	Unicorn-63351.exe
2576	Unicorn-39169.exe
2888	Unicorn-42925.exe
2832	Unicorn-49055.exe
2764	Unicorn-45142.exe
2908	Unicorn-41131.exe
2160	Unicorn-59906.exe
1944	Unicorn-37824.exe
1732	Unicorn-24338.exe
1520	Unicorn-7368.exe
2872	Unicorn-44146.exe
2984	Unicorn-24414.exe
2944	Unicorn-56053.exe
2196	Unicorn-59390.exe
1168	Unicorn-6468.exe
1856	Unicorn-35571.exe
2584	Unicorn-6084.exe
1332	Unicorn-25950.exe
1812	Unicorn-2249.exe
664	Unicorn-875.exe
1604	Unicorn-25950.exe
672	Unicorn-28672.exe
1660	Unicorn-59167.exe
2468	Unicorn-46209.exe
1156	Unicorn-65519.exe
1396	Unicorn-9996.exe
1500	Unicorn-29810.exe
2548	Unicorn-49292.exe
1652	Unicorn-45763.exe
2532	Unicorn-51788.exe
1716	Unicorn-35260.exe
1564	Unicorn-29129.exe
2452	Unicorn-27206.exe
2344	Unicorn-36137.exe
2408	Unicorn-36137.exe
2404	Unicorn-1746.exe
3032	Unicorn-61418.exe
592	Unicorn-2011.exe
2716	Unicorn-64896.exe
2960	Unicorn-50636.exe
2612	Unicorn-51705.exe
2916	Unicorn-12783.exe
2464	Unicorn-38249.exe
1908	Unicorn-50672.exe
1616	Unicorn-1663.exe
2784	Unicorn-26952.exe
2868	Unicorn-6702.exe
2828	Unicorn-26568.exe
340	Unicorn-20437.exe
892	Unicorn-58856.exe
2152	Unicorn-38798.exe
2472	Unicorn-42328.exe
2176	Unicorn-58015.exe
2148	Unicorn-58280.exe
2572	Unicorn-54838.exe
968	Unicorn-45701.exe
1688	Unicorn-55523.exe
1196	Unicorn-28597.exe
1916	Unicorn-3345.exe
2804	Unicorn-65353.exe
2704	Unicorn-19682.exe
2516	Unicorn-34985.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2256	2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe	30
PID 2096 wrote to memory of 2256	2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe	30
PID 2096 wrote to memory of 2256	2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe	30
PID 2096 wrote to memory of 2256	2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe	30
PID 2256 wrote to memory of 2576	2256	Unicorn-31058.exe	31
PID 2256 wrote to memory of 2576	2256	Unicorn-31058.exe	31
PID 2256 wrote to memory of 2576	2256	Unicorn-31058.exe	31
PID 2256 wrote to memory of 2576	2256	Unicorn-31058.exe	31
PID 2096 wrote to memory of 2916	2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe	32
PID 2096 wrote to memory of 2916	2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe	32
PID 2096 wrote to memory of 2916	2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe	32
PID 2096 wrote to memory of 2916	2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe	32
PID 2916 wrote to memory of 2876	2916	Unicorn-63351.exe	34
PID 2916 wrote to memory of 2876	2916	Unicorn-63351.exe	34
PID 2916 wrote to memory of 2876	2916	Unicorn-63351.exe	34
PID 2916 wrote to memory of 2876	2916	Unicorn-63351.exe	34
PID 2096 wrote to memory of 2888	2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe	35
PID 2096 wrote to memory of 2888	2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe	35
PID 2096 wrote to memory of 2888	2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe	35
PID 2096 wrote to memory of 2888	2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe	35
PID 2576 wrote to memory of 2832	2576	Unicorn-39169.exe	36
PID 2576 wrote to memory of 2832	2576	Unicorn-39169.exe	36
PID 2576 wrote to memory of 2832	2576	Unicorn-39169.exe	36
PID 2576 wrote to memory of 2832	2576	Unicorn-39169.exe	36
PID 2256 wrote to memory of 2764	2256	Unicorn-31058.exe	37
PID 2256 wrote to memory of 2764	2256	Unicorn-31058.exe	37
PID 2256 wrote to memory of 2764	2256	Unicorn-31058.exe	37
PID 2256 wrote to memory of 2764	2256	Unicorn-31058.exe	37
PID 2888 wrote to memory of 2908	2888	Unicorn-42925.exe	38
PID 2888 wrote to memory of 2908	2888	Unicorn-42925.exe	38
PID 2888 wrote to memory of 2908	2888	Unicorn-42925.exe	38
PID 2888 wrote to memory of 2908	2888	Unicorn-42925.exe	38
PID 2096 wrote to memory of 1732	2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe	39
PID 2096 wrote to memory of 1732	2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe	39
PID 2096 wrote to memory of 1732	2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe	39
PID 2096 wrote to memory of 1732	2096	d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe	39
PID 2764 wrote to memory of 2872	2764	Unicorn-45142.exe	40
PID 2764 wrote to memory of 2872	2764	Unicorn-45142.exe	40
PID 2764 wrote to memory of 2872	2764	Unicorn-45142.exe	40
PID 2764 wrote to memory of 2872	2764	Unicorn-45142.exe	40
PID 2256 wrote to memory of 1944	2256	Unicorn-31058.exe	41
PID 2256 wrote to memory of 1944	2256	Unicorn-31058.exe	41
PID 2256 wrote to memory of 1944	2256	Unicorn-31058.exe	41
PID 2256 wrote to memory of 1944	2256	Unicorn-31058.exe	41
PID 2576 wrote to memory of 1520	2576	Unicorn-39169.exe	42
PID 2576 wrote to memory of 1520	2576	Unicorn-39169.exe	42
PID 2576 wrote to memory of 1520	2576	Unicorn-39169.exe	42
PID 2576 wrote to memory of 1520	2576	Unicorn-39169.exe	42
PID 2832 wrote to memory of 2160	2832	Unicorn-49055.exe	43
PID 2832 wrote to memory of 2160	2832	Unicorn-49055.exe	43
PID 2832 wrote to memory of 2160	2832	Unicorn-49055.exe	43
PID 2832 wrote to memory of 2160	2832	Unicorn-49055.exe	43
PID 2908 wrote to memory of 2984	2908	Unicorn-41131.exe	44
PID 2908 wrote to memory of 2984	2908	Unicorn-41131.exe	44
PID 2908 wrote to memory of 2984	2908	Unicorn-41131.exe	44
PID 2908 wrote to memory of 2984	2908	Unicorn-41131.exe	44
PID 2888 wrote to memory of 2944	2888	Unicorn-42925.exe	45
PID 2888 wrote to memory of 2944	2888	Unicorn-42925.exe	45
PID 2888 wrote to memory of 2944	2888	Unicorn-42925.exe	45
PID 2888 wrote to memory of 2944	2888	Unicorn-42925.exe	45
PID 2160 wrote to memory of 2196	2160	Unicorn-59906.exe	46
PID 2160 wrote to memory of 2196	2160	Unicorn-59906.exe	46
PID 2160 wrote to memory of 2196	2160	Unicorn-59906.exe	46
PID 2160 wrote to memory of 2196	2160	Unicorn-59906.exe	46

C:\Users\Admin\AppData\Local\Temp\d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe
"C:\Users\Admin\AppData\Local\Temp\d1dca93a55a227322c5466e89ea12ec3e99559278daf27bb5dcf723d95200b6dN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31058.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31058.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59906.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        9⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        9⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        9⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50151.exe
        8⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62661.exe
        8⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        8⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
        9⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        9⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        9⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40302.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        8⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        8⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        7⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe
        8⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27869.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        8⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61942.exe
        7⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29833.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53633.exe
        7⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59628.exe
        7⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45701.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17812.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18414.exe
        8⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43532.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        8⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
        7⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        7⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        7⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22978.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        8⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
        8⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
        7⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        6⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        7⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
        8⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        8⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22538.exe
        7⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        7⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        7⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14851.exe
        6⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        7⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        7⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
        7⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65527.exe
        6⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        6⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
        6⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32762.exe
        6⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6468.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe
        8⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1398.exe
        9⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        9⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17386.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        8⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        8⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4112.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3933.exe
        8⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26453.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        7⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        6⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        7⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        8⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35777.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        7⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        7⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
        6⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        7⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
        6⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29129.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17735.exe
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        8⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63406.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        7⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
        6⤵
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        6⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        6⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        6⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        6⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29141.exe
        6⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53277.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45778.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5161.exe
        5⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38097.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25950.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49972.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        8⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        7⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1398.exe
        8⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        8⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47963.exe
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe
        7⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
        6⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13478.exe
        7⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        7⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
        6⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39298.exe
        6⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
        6⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        6⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64215.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        7⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63867.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63304.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39509.exe
        5⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62270.exe
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        7⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53017.exe
        6⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20587.exe
        6⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        6⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        5⤵
        
        PID:1880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35117.exe
        6⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        6⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        6⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25716.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe
        5⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
        5⤵
        
        PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28672.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36137.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        7⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        7⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
        6⤵
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
        6⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe
        6⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59098.exe
        6⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
        5⤵
        Executes dropped EXE
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
        6⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33808.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        6⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        5⤵
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
        5⤵
        
        PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1746.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27134.exe
        5⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        6⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        6⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        5⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
      4⤵
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        5⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        5⤵
        
        PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34702.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39828.exe
      4⤵
      PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48181.exe
      4⤵
      PID:5432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44146.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29810.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58280.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        7⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61149.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        8⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        8⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35777.exe
        7⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        7⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41445.exe
        6⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        7⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        7⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        7⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        6⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        6⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54838.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20587.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        7⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63406.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        6⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        6⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
        5⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        6⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        6⤵
        
        PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22762.exe
        5⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
        5⤵
        
        PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6084.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36137.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        6⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
        7⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28132.exe
        7⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
        6⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13983.exe
        6⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59098.exe
        6⤵
        
        PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28653.exe
        5⤵
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        6⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
        7⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52794.exe
        6⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60805.exe
        6⤵
        
        PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32127.exe
        5⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe
        6⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28788.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        5⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
        5⤵
        
        PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49972.exe
        5⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27800.exe
        6⤵
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38766.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25963.exe
        5⤵
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        6⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        6⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        6⤵
        
        PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        5⤵
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        5⤵
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
      4⤵
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        5⤵
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        6⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        6⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        5⤵
        
        PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
      4⤵
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48181.exe
      4⤵
      PID:6136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37824.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25950.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38249.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
        6⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29141.exe
        7⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
        6⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
        6⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        6⤵
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
        5⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        6⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        6⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        6⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
        5⤵
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
        5⤵
        
        PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1663.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64087.exe
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
        6⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5840.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        7⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        7⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58933.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53644.exe
        6⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        6⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
        5⤵
        
        PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13609.exe
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43532.exe
        5⤵
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
        5⤵
        
        PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
      4⤵
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
        5⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        5⤵
        
        PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61046.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        5⤵
        
        PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        5⤵
        
        PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
      4⤵
      PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
      4⤵
      PID:5796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        5⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        6⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        6⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
        5⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59098.exe
        5⤵
        
        PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
      4⤵
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        5⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29130.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48163.exe
        6⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        5⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        5⤵
        
        PID:6348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
      4⤵
      PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
      4⤵
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
      4⤵
      PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
      4⤵
      PID:5920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31607.exe
      4⤵
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        5⤵
        
        PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38267.exe
        5⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
        5⤵
        
        PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16872.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
      4⤵
      PID:5312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6826.exe
    3⤵
    PID:580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        5⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
      4⤵
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
      4⤵
      PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
      4⤵
      PID:6444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52911.exe
    3⤵
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3696.exe
      4⤵
      PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
      4⤵
      PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
      4⤵
      PID:6548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
    3⤵
    PID:2432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19834.exe
    3⤵
    PID:4624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
    3⤵
    PID:4828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
    3⤵
    PID:7128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2916
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42925.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42925.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41131.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        7⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        7⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe
        6⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53992.exe
        6⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13231.exe
        6⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62270.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        7⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        7⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9166.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        5⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
        6⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61227.exe
        6⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13307.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
        5⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
        5⤵
        
        PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe
        7⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
        7⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
        6⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25460.exe
        6⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10027.exe
        6⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39748.exe
        5⤵
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1699.exe
        6⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        6⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        6⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54038.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35603.exe
        5⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13261.exe
        6⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        6⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        6⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        5⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        5⤵
        
        PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        5⤵
        
        PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        5⤵
        
        PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
      4⤵
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe
      4⤵
      PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48181.exe
      4⤵
      PID:5232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56053.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46205.exe
        6⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6852.exe
        7⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        7⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe
        6⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        6⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        6⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
        5⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        6⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
        5⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61335.exe
        5⤵
        
        PID:6828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
        5⤵
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        6⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        5⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
        5⤵
        
        PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
      4⤵
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33168.exe
        5⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
      4⤵
      PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
      4⤵
      PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34667.exe
      4⤵
      PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
      4⤵
      PID:6892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9996.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37907.exe
        5⤵
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe
        6⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        6⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
        6⤵
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        5⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52935.exe
      4⤵
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25955.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6852.exe
        5⤵
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        5⤵
        
        PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
      4⤵
      PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55809.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        5⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        5⤵
        
        PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
      4⤵
      PID:6076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58015.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
      4⤵
      PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
        5⤵
        
        PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
      4⤵
      PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
      4⤵
      PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59098.exe
      4⤵
      PID:6908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56354.exe
    3⤵
    PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57508.exe
    3⤵
    PID:3412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48181.exe
    3⤵
    PID:5868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35571.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51705.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64772.exe
        5⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        6⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
        7⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        7⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        7⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53017.exe
        6⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        6⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        6⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        5⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
        6⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        6⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        6⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        5⤵
        
        PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
      4⤵
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
        5⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
        5⤵
        
        PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46264.exe
      4⤵
      PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe
      4⤵
      PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34866.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11597.exe
      4⤵
      PID:6900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50672.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
      4⤵
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
        5⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58941.exe
        5⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
        5⤵
        
        PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53926.exe
      4⤵
      PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
      4⤵
      PID:6844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28958.exe
    3⤵
    PID:680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
      4⤵
      PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
      4⤵
      PID:6556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
    3⤵
    PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14697.exe
    3⤵
    PID:4020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22762.exe
    3⤵
    PID:5352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
    3⤵
    PID:6148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-875.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-875.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64772.exe
      4⤵
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32119.exe
        5⤵
        
        PID:236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
        5⤵
        
        PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
      4⤵
      PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63304.exe
      4⤵
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47963.exe
      4⤵
      PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
    3⤵
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
      4⤵
      PID:788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18816.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
      4⤵
      PID:6540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
    3⤵
    PID:1044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23363.exe
    3⤵
    PID:3920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
    3⤵
    PID:4632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
    3⤵
    PID:5908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12783.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12783.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
    3⤵
    PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17812.exe
      4⤵
      PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
      4⤵
      PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20587.exe
      4⤵
      PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
      4⤵
      PID:6236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56077.exe
    3⤵
    PID:3124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54835.exe
    3⤵
    PID:4680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56141.exe
    3⤵
    PID:6108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42562.exe
    3⤵
    PID:7148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38583.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38583.exe
  2⤵
  PID:900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
    3⤵
    PID:1064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
    3⤵
    PID:3788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
    3⤵
    PID:5192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
    3⤵
    PID:6564
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
  2⤵
  PID:2124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47707.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47707.exe
  2⤵
  PID:3496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11988.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11988.exe
  2⤵
  PID:4644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe
  2⤵
  PID:6184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe

Filesize
468KB

MD5
8140ad03bc5083b6fd2760333194b8b2

SHA1
f71df8f07bd26d173b85946d1a4b8df839482fa2

SHA256
2ca48a5e7b31890731e48bde200e17ede2dfbacddbc286aa7af3940a01371b8c

SHA512
1c0e8e5755eced0303b03f887f0213be5637bc47ef5a9d056133b94282878148ab58762c13c763e67a9570ea3a9578309a44be56b2984938bc0beba57caa3bff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe

Filesize
468KB

MD5
b9cc0c4b7c7876e6ea55cf7a070de07d

SHA1
98683ece7e43fcdf2375485ead83a4aaf714dcd4

SHA256
52ad9564d2e87aebca127f5a8cfefbf3f9c8230d684b71f2265d85fe00814d20

SHA512
9325684a75d09b99e657c87b43c24aa46f253a13a2eeb98e4f559301080b9c47b6d746bd3e8777699109db5864d790051c9ff82bb9b2a0f92734d60e1b047977

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35571.exe

Filesize
468KB

MD5
aad0a79af80a8771dc8b50fea8132cc2

SHA1
7c63fea3f8e67e19284b6bc3b12cd7ec7c0c4a42

SHA256
b631f47027cbce6dd2a05d154ad7f25ae42b38935299aa06bb972e7296baf800

SHA512
c196ffb96e4584bbdc834c987459e9badb3be0cf89bf7a5ee8227b3205d7151f1b3ac41b4c5482936afcc379ac3f09c357e0f789ef6cda8a065defd772d26532

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe

Filesize
468KB

MD5
45f8ff926606bb352ba66002b2fc0c58

SHA1
574190b595bce495fa78ccd0e42cb16070bae9f4

SHA256
44898c39cc7e9a388a19eec5e6d40762505b5137dd0a94e6449e6c745d6fdba7

SHA512
5a34128f1982bcbf3eee98fd8e30dec4beefbd11b705cd8dc29ad324023f6fd7a380ebc3ccda187b64621200ae935a186cd6b5b29669ab4e5227e474aee2b4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41131.exe

Filesize
468KB

MD5
94bfda14a9fb070663b6247319d39f5b

SHA1
7eac38fcbf306ab3e52d5acd0038e8db3a1186e9

SHA256
451418825bcc8b3b7ebbdf128155681e5dcb9f44421b3145ebbd9055e38b05b3

SHA512
e898e5d0f74aeda2a4bc6d0357869b2c93f3be710d57cf9a23607c80dab4e82906470d392e5ee644619b63451a927225e7584e5152dbe32e0e3e46851b2e9018

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42925.exe

Filesize
468KB

MD5
d6e2a64c20a158afca322bc7bd8db8ca

SHA1
28fb0671a9047ee39de1750f75a7133fac581357

SHA256
d9f81ff4a93ce63eff15ec0fe628ec8ff9bf2186754d7c06fedb335ac1d3a6c0

SHA512
97429e19937ca9ebd47b392f3c8f524fea2b7fdfbef88c3754dd683271f8b49a99ceeb9c0f8b2c5750399b4509bccb356df1f4ee12ed0621dc6acd493708a389

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44146.exe

Filesize
468KB

MD5
fb3c10dca773135921d76d550ad42c9e

SHA1
d0ff1c6e26fb509c59c8b515cb5e30942031f266

SHA256
f3cfe36804f8b172b0345f6b2b09762f8d210db60aff3293169a898fefae0ccc

SHA512
d052cf1860d1d825d4c96fa1389fc3828a8f958e288f87034c899ee0468c484dd0b202d7ad77b7acdf1ce5ef0ee79d1a1ff05a0365c2e0c3f6bf978c23d08010

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe

Filesize
468KB

MD5
7a5e63211498c0219acb91f77148e5f0

SHA1
888fdb1dd6ea6084eca0fb6ee4b9b41b6ba764d9

SHA256
ff6c2a98b60a7c1d10c3584a5c8c81e3ec5240148f734cc7df4b629f7f9660d5

SHA512
4d835efdec4ea2ea27d0ba3500a9aaf4bfa1f8e6dc60fcf4fee819317d765f1a846e964b7cb1849029b729c0f763e77bb414b7d064fceab491f7162d35740ee4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe

Filesize
468KB

MD5
562d3ab32c2d74a67c72d6445445922d

SHA1
7ca0312241b7899d2cdbe9e70423c55bf669100c

SHA256
d80511ee9b9309c88db39082058e320dc26b2a87d88ba61144f6f84ff17853e7

SHA512
0c902a62a1ec82c13293870ac3baa79edf0f6973e96bb5edc86e1eab68c9a8ed33b7a09f97a8e5293371f542eab42c1652cfcf2532b383d6c19b4735564bdfe4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5840.exe

Filesize
468KB

MD5
9394a53b3e300d6dd7c08eb31a87e604

SHA1
abb80384e65f2ebef760a24401f7e1cede45f5a6

SHA256
6617c699fe16afe41ffbd8686c49517da7fe0d72795eb6b9a44cfbb796c7f482

SHA512
6517e16a5094e323971af0893296f99aaea69f5ad76e004b193f831aab315378aac7d3385cd160db374133ec9a161e6536722a66f4ea869db0e38c4e57d3fc59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe

Filesize
468KB

MD5
5e80ce57d8000328517dcc0f6601f07e

SHA1
a80203526ecc6d05600fd855061545d43d7b973e

SHA256
15c37189ec49512db01cdace1496e8ceb16997653313d70dcec4e8940ec1c4a7

SHA512
bc2356acb843b0b47e70a5c64863705e7f7715d6a018cd7888c8386e7b047fbac3954fed4dd0242e22f3a15da1b34b397b5f9d7561f7e31d2a874f310442f704

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe

Filesize
468KB

MD5
7771b8722083b077d3e336046970aef6

SHA1
dc91be545438bcaa45375f5d766e223b1daf730e

SHA256
7ab96f3be6621e5e4ac2004ed26cf7b633b2fd29cb41d5f2714ac324cf490168

SHA512
aa574fbfeaf5371255f333c37d324f589cec0bf85069cf1bf5f3c4a7e9fc3a9c1b89af7dcaa69273f1addc768c1eea42b6fad265050274155b6c95b995ead443

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31058.exe

Filesize
468KB

MD5
da740074ec118dc5cc6ea720f831f6ca

SHA1
1744c3afcd68e66b2d40db18520ddfdb00b71b57

SHA256
ed71dabaea653612d6f965409ab9119856a4b9ffa2e25a2afc1de15cd0a2a7f7

SHA512
544adbcca21286d86a6d0008f3ef1770aec82da17654c23a4116e79cd190f1d9980ea111459a48cbfcef86ef285c5a813a70baa06103ddaee7f4613ec8a21600

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37824.exe

Filesize
468KB

MD5
3cf7f62c9bc17d49fb513ad22b88942e

SHA1
66db10340e5f574c7846f6b1f6dd07f6075bc949

SHA256
120f7c29af25fc17816defba9d589d20e41a89938f6aece4975c766239254853

SHA512
2d30aba4cf466710dae9c41ca82bd7f9d18ff4951e14109e2bd68247cab92ac8ea0848e0abccb5b3634d88d1a1b91f18cee7d184a1535748be1ed43c4177f5c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe

Filesize
468KB

MD5
db1cf2d4e65797bc8e0c5dc7f9c1a680

SHA1
42276619761aaaacac7de34eafa1c7345439b257

SHA256
847fb8fff3df9ad04fa0048e7a277c770c34132db769bb3593f105253e504290

SHA512
c9fba3c625e515bf436638e3fb8161862fe86ff441491e56187ef8d726ee90248469ca2c248f2945f7ed4d44af540b8887ebf108527e6eee16c9b49fe8c2f6f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe

Filesize
468KB

MD5
a2445833683d191e72da1452e085d1d3

SHA1
1e22a29a95cac5f3e3a3acfb69f3de70769d1646

SHA256
7069bd5045dd50f9185c7468b338966e4cfb6c5601cd8caeb9d54516461ff0a6

SHA512
ff1b5612a5de8b12f916dc6cb141a103fd3d15f860e8a4b697542c63d7f6c11f227e7d869dec1859ef74b28ed1d2eeb769ceb8ea470a2aaa0089ed50ec5dee49

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56053.exe

Filesize
468KB

MD5
91c70989ed7113966cbebd99a3e09bbf

SHA1
f741c1f53c589c9c10b2e6b89dd61148a7e4e680

SHA256
9b2f7e8f3fffe6fbab7807a8daceacde5f309a1423f22d2f75cfb1de0f0fa46d

SHA512
d32bfad47c3288ba5859b3858242786f50a6d8c4047281cafe6e93317d17c7208d4493132806a96a7a9d7106db78322d343925249c93b72500e6f43f393be3e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe

Filesize
468KB

MD5
fa860979c10cc3d4bc7ce7b42a1f4de8

SHA1
eb12867fe7a025c7b9b2eaea8c56dc54631245bf

SHA256
cf8c8dbd685545073b358b582def38bbca4c5a38ced15ff1043773ccdf55a378

SHA512
6f31ae14599e7974eff54a14c4a971a993dff7c9b7d5acc783a0048394a65eb3731cc94a4f53357cf6722d360032a0f5cf41ea720c77698cfbcde1f2b5927ae3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59906.exe

Filesize
468KB

MD5
e93dc8d674443958cf35ff0ff7f5b5f8

SHA1
d94d70c383a59de1192653c6b0df1362967372f6

SHA256
72dd318d1e98e3e9a053f3ec25a9de9d6cffe155a715de75ec123eb9d5220905

SHA512
600fdd351c0b34c4f71936fdb6bb7f104e281e01cfb85c512d54953cb4867b5942b70143e9a8ef12299ca3b51641d6e52bdd7f789794da7d45fe1be89abfc66e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe

Filesize
468KB

MD5
a876afb419bead84db1bb66b0f584aff

SHA1
893e0e6d86ce62fe4ad98f36ad0033c7ca7e44d9

SHA256
0d8fdaf449db9a86fe1b787c368da4fece778d88dadae0f4836990d6878c9c54

SHA512
a44bed377e670a99860bbfb57252558a82e88719f908b7d7c06c17b6d512848186b39698423961fb102aa78ba1e91b40b3dafb218e7ff678883ad8ab5ea0707b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6468.exe

Filesize
468KB

MD5
15c946316a46b5d90eefb596824b85b8

SHA1
ca15c8764b9ada01cf76ac95787f97886571c201

SHA256
ef71763ab8ffea461b0b70a7cc69b929569103be3120cde7a6e205296ab6652d

SHA512
c38a159c2b4bdcf0ccf0ec7091a3e9f50bcf1b35ada93391c93b3545dbc8ab23a4d0709010f3cffd83a1c84a4e18a2647d764d40082ffa1c0e151164f3896c03

Download Submit