040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554ee

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 08:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe
Size

468KB
MD5

3df6a05c8ec52341acd3918cdb0c1040
SHA1

d0ad956a9988c7c69060b2939e5453f4b7090ba2
SHA256

040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554ee
SHA512

e5a26bdb5a13e0a74fed848a1df87f65c1e1ee4e2cfcb2d09df9a658d68d1a687458baad731efbc545d699082560f1e1760477d2b15dafeecc418aecd068db0f
SSDEEP

3072:37oWoEXvt05RLbYcH5uwvf8QuCy8P0pknLHewVxXixzemD6jJAlJ:37ZoQ8RLPHQwvfRYlCixa06jJ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2156	Unicorn-38623.exe
1724	Unicorn-2032.exe
1740	Unicorn-13537.exe
2840	Unicorn-3672.exe
2884	Unicorn-6687.exe
2728	Unicorn-22046.exe
2640	Unicorn-8311.exe
2660	Unicorn-43247.exe
1320	Unicorn-48078.exe
1524	Unicorn-51607.exe
2860	Unicorn-56438.exe
920	Unicorn-27295.exe
1472	Unicorn-31060.exe
1280	Unicorn-36926.exe
1732	Unicorn-37191.exe
304	Unicorn-18354.exe
2528	Unicorn-56049.exe
1748	Unicorn-61306.exe
668	Unicorn-55560.exe
1144	Unicorn-61690.exe
3036	Unicorn-14719.exe
628	Unicorn-29018.exe
1620	Unicorn-29018.exe
2056	Unicorn-65177.exe
316	Unicorn-18743.exe
2964	Unicorn-27674.exe
964	Unicorn-52370.exe
2080	Unicorn-48841.exe
1508	Unicorn-27601.exe
328	Unicorn-36034.exe
592	Unicorn-54186.exe
1644	Unicorn-655.exe
1628	Unicorn-10551.exe
3020	Unicorn-48055.exe
1244	Unicorn-45454.exe
2552	Unicorn-56929.exe
2240	Unicorn-64775.exe
2460	Unicorn-58792.exe
2808	Unicorn-47536.exe
2744	Unicorn-56353.exe
2804	Unicorn-64521.exe
1720	Unicorn-5543.exe
2960	Unicorn-25144.exe
2748	Unicorn-25409.exe
2032	Unicorn-41745.exe
2004	Unicorn-25601.exe
1648	Unicorn-19470.exe
1992	Unicorn-63296.exe
2584	Unicorn-59726.exe
2104	Unicorn-39860.exe
2940	Unicorn-39860.exe
2920	Unicorn-59726.exe
1660	Unicorn-9373.exe
820	Unicorn-49444.exe
2996	Unicorn-60804.exe
2328	Unicorn-1397.exe
2532	Unicorn-42430.exe
2352	Unicorn-36492.exe
2788	Unicorn-65325.exe
3028	Unicorn-19654.exe
1676	Unicorn-32844.exe
1796	Unicorn-8278.exe
1540	Unicorn-35221.exe
2492	Unicorn-39135.exe

Loads dropped DLL 64 IoCs

pid	Process
1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe
1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe
2156	Unicorn-38623.exe
1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe
1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe
2156	Unicorn-38623.exe
1724	Unicorn-2032.exe
1740	Unicorn-13537.exe
1740	Unicorn-13537.exe
1724	Unicorn-2032.exe
1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe
1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe
2156	Unicorn-38623.exe
2156	Unicorn-38623.exe
2840	Unicorn-3672.exe
2840	Unicorn-3672.exe
1724	Unicorn-2032.exe
1724	Unicorn-2032.exe
2884	Unicorn-6687.exe
2884	Unicorn-6687.exe
1740	Unicorn-13537.exe
1740	Unicorn-13537.exe
2728	Unicorn-22046.exe
2728	Unicorn-22046.exe
2156	Unicorn-38623.exe
1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe
2156	Unicorn-38623.exe
1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe
2640	Unicorn-8311.exe
2640	Unicorn-8311.exe
2660	Unicorn-43247.exe
2660	Unicorn-43247.exe
2840	Unicorn-3672.exe
2840	Unicorn-3672.exe
2860	Unicorn-56438.exe
2860	Unicorn-56438.exe
1740	Unicorn-13537.exe
1740	Unicorn-13537.exe
1320	Unicorn-48078.exe
1320	Unicorn-48078.exe
1724	Unicorn-2032.exe
1724	Unicorn-2032.exe
1280	Unicorn-36926.exe
1732	Unicorn-37191.exe
1280	Unicorn-36926.exe
1732	Unicorn-37191.exe
2640	Unicorn-8311.exe
1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe
1524	Unicorn-51607.exe
2640	Unicorn-8311.exe
1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe
1524	Unicorn-51607.exe
1472	Unicorn-31060.exe
1472	Unicorn-31060.exe
2884	Unicorn-6687.exe
2884	Unicorn-6687.exe
2156	Unicorn-38623.exe
2156	Unicorn-38623.exe
920	Unicorn-27295.exe
920	Unicorn-27295.exe
2728	Unicorn-22046.exe
2728	Unicorn-22046.exe
304	Unicorn-18354.exe
304	Unicorn-18354.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1804	1992	WerFault.exe	78

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2032.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27990.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57689.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe
2156	Unicorn-38623.exe
1724	Unicorn-2032.exe
1740	Unicorn-13537.exe
2840	Unicorn-3672.exe
2884	Unicorn-6687.exe
2728	Unicorn-22046.exe
2640	Unicorn-8311.exe
2660	Unicorn-43247.exe
1320	Unicorn-48078.exe
1524	Unicorn-51607.exe
2860	Unicorn-56438.exe
920	Unicorn-27295.exe
1472	Unicorn-31060.exe
1280	Unicorn-36926.exe
1732	Unicorn-37191.exe
304	Unicorn-18354.exe
2528	Unicorn-56049.exe
1748	Unicorn-61306.exe
668	Unicorn-55560.exe
1144	Unicorn-61690.exe
3036	Unicorn-14719.exe
628	Unicorn-29018.exe
1620	Unicorn-29018.exe
2964	Unicorn-27674.exe
316	Unicorn-18743.exe
2056	Unicorn-65177.exe
964	Unicorn-52370.exe
2080	Unicorn-48841.exe
1508	Unicorn-27601.exe
328	Unicorn-36034.exe
592	Unicorn-54186.exe
1644	Unicorn-655.exe
1628	Unicorn-10551.exe
1244	Unicorn-45454.exe
2552	Unicorn-56929.exe
2240	Unicorn-64775.exe
2460	Unicorn-58792.exe
2808	Unicorn-47536.exe
2744	Unicorn-56353.exe
2804	Unicorn-64521.exe
2032	Unicorn-41745.exe
2960	Unicorn-25144.exe
2748	Unicorn-25409.exe
1720	Unicorn-5543.exe
2004	Unicorn-25601.exe
1648	Unicorn-19470.exe
1992	Unicorn-63296.exe
2940	Unicorn-39860.exe
2584	Unicorn-59726.exe
2104	Unicorn-39860.exe
2920	Unicorn-59726.exe
1660	Unicorn-9373.exe
820	Unicorn-49444.exe
2996	Unicorn-60804.exe
2328	Unicorn-1397.exe
2532	Unicorn-42430.exe
2352	Unicorn-36492.exe
3028	Unicorn-19654.exe
2788	Unicorn-65325.exe
1676	Unicorn-32844.exe
1796	Unicorn-8278.exe
1540	Unicorn-35221.exe
2232	Unicorn-47111.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2156	1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe	30
PID 1972 wrote to memory of 2156	1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe	30
PID 1972 wrote to memory of 2156	1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe	30
PID 1972 wrote to memory of 2156	1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe	30
PID 1972 wrote to memory of 1724	1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe	32
PID 1972 wrote to memory of 1724	1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe	32
PID 1972 wrote to memory of 1724	1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe	32
PID 1972 wrote to memory of 1724	1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe	32
PID 2156 wrote to memory of 1740	2156	Unicorn-38623.exe	31
PID 2156 wrote to memory of 1740	2156	Unicorn-38623.exe	31
PID 2156 wrote to memory of 1740	2156	Unicorn-38623.exe	31
PID 2156 wrote to memory of 1740	2156	Unicorn-38623.exe	31
PID 1740 wrote to memory of 2884	1740	Unicorn-13537.exe	34
PID 1740 wrote to memory of 2884	1740	Unicorn-13537.exe	34
PID 1740 wrote to memory of 2884	1740	Unicorn-13537.exe	34
PID 1740 wrote to memory of 2884	1740	Unicorn-13537.exe	34
PID 1724 wrote to memory of 2840	1724	Unicorn-2032.exe	33
PID 1724 wrote to memory of 2840	1724	Unicorn-2032.exe	33
PID 1724 wrote to memory of 2840	1724	Unicorn-2032.exe	33
PID 1724 wrote to memory of 2840	1724	Unicorn-2032.exe	33
PID 1972 wrote to memory of 2728	1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe	35
PID 1972 wrote to memory of 2728	1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe	35
PID 1972 wrote to memory of 2728	1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe	35
PID 1972 wrote to memory of 2728	1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe	35
PID 2156 wrote to memory of 2640	2156	Unicorn-38623.exe	36
PID 2156 wrote to memory of 2640	2156	Unicorn-38623.exe	36
PID 2156 wrote to memory of 2640	2156	Unicorn-38623.exe	36
PID 2156 wrote to memory of 2640	2156	Unicorn-38623.exe	36
PID 2840 wrote to memory of 2660	2840	Unicorn-3672.exe	37
PID 2840 wrote to memory of 2660	2840	Unicorn-3672.exe	37
PID 2840 wrote to memory of 2660	2840	Unicorn-3672.exe	37
PID 2840 wrote to memory of 2660	2840	Unicorn-3672.exe	37
PID 1724 wrote to memory of 1320	1724	Unicorn-2032.exe	38
PID 1724 wrote to memory of 1320	1724	Unicorn-2032.exe	38
PID 1724 wrote to memory of 1320	1724	Unicorn-2032.exe	38
PID 1724 wrote to memory of 1320	1724	Unicorn-2032.exe	38
PID 2884 wrote to memory of 1524	2884	Unicorn-6687.exe	40
PID 2884 wrote to memory of 1524	2884	Unicorn-6687.exe	40
PID 2884 wrote to memory of 1524	2884	Unicorn-6687.exe	40
PID 2884 wrote to memory of 1524	2884	Unicorn-6687.exe	40
PID 1740 wrote to memory of 2860	1740	Unicorn-13537.exe	41
PID 1740 wrote to memory of 2860	1740	Unicorn-13537.exe	41
PID 1740 wrote to memory of 2860	1740	Unicorn-13537.exe	41
PID 1740 wrote to memory of 2860	1740	Unicorn-13537.exe	41
PID 2728 wrote to memory of 920	2728	Unicorn-22046.exe	42
PID 2728 wrote to memory of 920	2728	Unicorn-22046.exe	42
PID 2728 wrote to memory of 920	2728	Unicorn-22046.exe	42
PID 2728 wrote to memory of 920	2728	Unicorn-22046.exe	42
PID 2156 wrote to memory of 1472	2156	Unicorn-38623.exe	43
PID 2156 wrote to memory of 1472	2156	Unicorn-38623.exe	43
PID 2156 wrote to memory of 1472	2156	Unicorn-38623.exe	43
PID 2156 wrote to memory of 1472	2156	Unicorn-38623.exe	43
PID 1972 wrote to memory of 1280	1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe	44
PID 1972 wrote to memory of 1280	1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe	44
PID 1972 wrote to memory of 1280	1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe	44
PID 1972 wrote to memory of 1280	1972	040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe	44
PID 2640 wrote to memory of 1732	2640	Unicorn-8311.exe	45
PID 2640 wrote to memory of 1732	2640	Unicorn-8311.exe	45
PID 2640 wrote to memory of 1732	2640	Unicorn-8311.exe	45
PID 2640 wrote to memory of 1732	2640	Unicorn-8311.exe	45
PID 2660 wrote to memory of 304	2660	Unicorn-43247.exe	46
PID 2660 wrote to memory of 304	2660	Unicorn-43247.exe	46
PID 2660 wrote to memory of 304	2660	Unicorn-43247.exe	46
PID 2660 wrote to memory of 304	2660	Unicorn-43247.exe	46

C:\Users\Admin\AppData\Local\Temp\040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe
"C:\Users\Admin\AppData\Local\Temp\040a9c5f062b8ac555f6d3ba2255558a40d5d2a83dbdf8b9bcddf11ff0b554eeN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13537.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6687.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64521.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32140.exe
        9⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        9⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8043.exe
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        9⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        8⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        8⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
        7⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
        8⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        8⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43831.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5543.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
        7⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
        8⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18659.exe
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        8⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17012.exe
        7⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        7⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13908.exe
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        7⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        6⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        7⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
        8⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18659.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        7⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        6⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        6⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
        6⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
        6⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48841.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
        7⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60389.exe
        8⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
        8⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55365.exe
        8⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15850.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        7⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
        6⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        7⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11752.exe
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43831.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
        6⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
        6⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60804.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        6⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57982.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64637.exe
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15850.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        6⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
        6⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
        5⤵
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3216.exe
        6⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23533.exe
        6⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26785.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
        5⤵
        
        PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        5⤵
        
        PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57689.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        8⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        7⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        7⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe
        6⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32140.exe
        7⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        7⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        7⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        7⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        6⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45757.exe
        6⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        6⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64775.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7723.exe
        6⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        7⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
        6⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13908.exe
        6⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        6⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        6⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        5⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
        6⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        6⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        6⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
        5⤵
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51411.exe
        5⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        5⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        5⤵
        
        PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58792.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe
        6⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        7⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        7⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        6⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        6⤵
        
        PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
        5⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        6⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        6⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        6⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51411.exe
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
        5⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54895.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5030.exe
        6⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        6⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46062.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        6⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
        5⤵
        
        PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        5⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
      4⤵
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
        5⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8043.exe
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        5⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        5⤵
        
        PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4562.exe
      4⤵
      PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5689.exe
      4⤵
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
      4⤵
      PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
      4⤵
      PID:5832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
      4⤵
      PID:7016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8311.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
        6⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        7⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        7⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        7⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2409.exe
        6⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52089.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        6⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
        7⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
        7⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        7⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24018.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11074.exe
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        6⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        5⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        6⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        6⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        6⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        5⤵
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5159.exe
        5⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        5⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        5⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        5⤵
        
        PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
        6⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
        6⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        6⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44910.exe
        6⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        6⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        6⤵
        
        PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
        5⤵
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        6⤵
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        6⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        6⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2586.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43831.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53726.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
        5⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
        5⤵
        
        PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
        5⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
        6⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        6⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        6⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        6⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        5⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45757.exe
        5⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        5⤵
        
        PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
      4⤵
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23780.exe
        5⤵
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        5⤵
        
        PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
      4⤵
      PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
      4⤵
      PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
      4⤵
      PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
      4⤵
      PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
      4⤵
      PID:6600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26529.exe
        6⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37735.exe
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        7⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        6⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18610.exe
        6⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
        6⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18491.exe
        6⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe
        5⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        6⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        5⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        5⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        5⤵
        
        PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        5⤵
        Program crash
        
        PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1837.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe
        5⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
        5⤵
        
        PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
      4⤵
      PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
      4⤵
      PID:692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
      4⤵
      PID:6992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27601.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
        5⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
        6⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        5⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        5⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        5⤵
        
        PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe
      4⤵
      PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
      4⤵
      PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
      4⤵
      PID:6464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56155.exe
    3⤵
    PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53512.exe
      4⤵
      PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
      4⤵
      PID:6824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
    3⤵
    PID:3928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
    3⤵
    PID:720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18212.exe
    3⤵
    PID:5824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2032.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2032.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18354.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
        8⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        8⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        7⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35221.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
        7⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        7⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        7⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        6⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4724.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        6⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        6⤵
        
        PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
        5⤵
        Executes dropped EXE
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64637.exe
        7⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        7⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        6⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        6⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        6⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        6⤵
        
        PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41173.exe
        5⤵
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55365.exe
        6⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
        5⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
        5⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        5⤵
        
        PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10551.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39135.exe
        6⤵
        Executes dropped EXE
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        7⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        7⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45757.exe
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        6⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        6⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe
        5⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
        6⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43158.exe
        7⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
        6⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5243.exe
        6⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        6⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64769.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61863.exe
        6⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        6⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42292.exe
        6⤵
        
        PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2075.exe
        5⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        5⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        5⤵
        
        PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
        5⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
        6⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1739.exe
        7⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
        7⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52908.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        6⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        5⤵
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        6⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        6⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14452.exe
        5⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3380.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
        5⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        5⤵
        
        PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
      4⤵
      PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46395.exe
        5⤵
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        5⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        5⤵
        
        PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe
      4⤵
      PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46617.exe
      4⤵
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
      4⤵
      PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
      4⤵
      PID:7024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48078.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61690.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25601.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        6⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8043.exe
        6⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        6⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        6⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        5⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        5⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13908.exe
        5⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        5⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        5⤵
        
        PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
        5⤵
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61863.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55365.exe
        6⤵
        
        PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
        5⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8587.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        5⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        5⤵
        
        PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64769.exe
      4⤵
      PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5139.exe
        5⤵
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8043.exe
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        5⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        5⤵
        
        PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31875.exe
      4⤵
      PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
      4⤵
      PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
      4⤵
      PID:6224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56353.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        5⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        6⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        6⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        6⤵
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        5⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        5⤵
        
        PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
      4⤵
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57689.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        5⤵
        
        PID:6408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
      4⤵
      PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52089.exe
      4⤵
      PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
      4⤵
      PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
      4⤵
      PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18659.exe
      4⤵
      PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
      4⤵
      PID:6488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14299.exe
    3⤵
    PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
    3⤵
    PID:3908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
    3⤵
    PID:5060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
    3⤵
    PID:5964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
    3⤵
    PID:6560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22046.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22046.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
        6⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        7⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
        7⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24018.exe
        6⤵
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        6⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        6⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        5⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19501.exe
        6⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28556.exe
        6⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45757.exe
        5⤵
        
        PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        5⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        5⤵
        
        PID:6160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
        5⤵
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        6⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        6⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45757.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        5⤵
        
        PID:7080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64769.exe
      4⤵
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        5⤵
        
        PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
      4⤵
      PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
      4⤵
      PID:7056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54186.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2534.exe
        5⤵
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8043.exe
        5⤵
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        5⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        5⤵
        
        PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
      4⤵
      PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
      4⤵
      PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13908.exe
      4⤵
      PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
      4⤵
      PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
      4⤵
      PID:5624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36492.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39301.exe
      4⤵
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
        5⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
        5⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        5⤵
        
        PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
      4⤵
      PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
      4⤵
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
      4⤵
      PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
      4⤵
      PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
      4⤵
      PID:6704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
    3⤵
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
      4⤵
      PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exe
      4⤵
      PID:6760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
    3⤵
    PID:3508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
    3⤵
    PID:3140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
    3⤵
    PID:4296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20364.exe
    3⤵
    PID:6300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19654.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5030.exe
        5⤵
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
        5⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8043.exe
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        5⤵
        
        PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        5⤵
        
        PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33856.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36244.exe
      4⤵
      PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
      4⤵
      PID:6656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32844.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
      4⤵
      PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe
      4⤵
      PID:6864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18557.exe
    3⤵
    PID:2196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
    3⤵
    PID:3392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5787.exe
    3⤵
    PID:4344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
    3⤵
    PID:932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
    3⤵
    PID:5912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
    3⤵
    PID:6568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18743.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18743.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24688.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        5⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        5⤵
        
        PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
      4⤵
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
      4⤵
      PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44910.exe
      4⤵
      PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
      4⤵
      PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
      4⤵
      PID:6712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
    3⤵
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35781.exe
      4⤵
      PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
      4⤵
      PID:5676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
    3⤵
    PID:3632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5243.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5243.exe
    3⤵
    PID:5036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
    3⤵
    PID:6036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
    3⤵
    PID:6556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
    3⤵
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
      4⤵
      PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48504.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
      4⤵
      PID:6780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
    3⤵
    PID:3876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
    3⤵
    PID:3808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
    3⤵
    PID:5816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23148.exe
    3⤵
    PID:6788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7164.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7164.exe
  2⤵
  PID:2792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
    3⤵
    PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
    3⤵
    PID:4492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
    3⤵
    PID:6044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
    3⤵
    PID:6584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
  2⤵
  PID:3196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
  2⤵
  PID:3708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18468.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18468.exe
  2⤵
  PID:4528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
  2⤵
  PID:5696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65356.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65356.exe
  2⤵
  PID:7040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe

Filesize
468KB

MD5
b78348e84d66df2c799789902206714d

SHA1
c3320fe71e6e82eb6eea65d5de8bdc26c29f2ee9

SHA256
62664b88637edcbf0178cb2435314e65c6afc14085e4200f972f6a7d62803ee1

SHA512
712441533388aa1ad9d7b1fef84d543c4eee1867b20afc93620424c51e890a89223128c201d5d53e66c39352b32237d74c800727b09fa5b4d4cb80bccea074b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2032.exe

Filesize
468KB

MD5
de3ca26f3917dd528772a0b519fee9d4

SHA1
2bc2c3deae36a5974584a889f42a796683b56315

SHA256
7b114ea0ea126c3ffc83f7fb1374662f8722fb7ac7497a6ab300522c23e56786

SHA512
ba02ab97cea741cdeebfabe1c872d75f98484f6e5d3d5a6275a55068a8f8a731f713e560e608587345d2ed79d6cf72bb2be2be9f2f6b67e9a7f29b39671ef938

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe

Filesize
468KB

MD5
f98bd0d31690ff6a186802f0f70c14e2

SHA1
6baa580bdd1f07fc4bd962dd3285e5cf77ed4d9b

SHA256
63e60ddad3ffec8446f1d0f1718d3c41fac550d04bf5264a4a0c998a69631940

SHA512
bf0845adda8c680ed1732c09a7278c802df885c1c546abc7ca028129fa28a86777b37ca346cf691303b5b6496c6f4299b761925322b1e95a4506c660aefced2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe

Filesize
468KB

MD5
80911c14ca682c863de5be4a4192bfa3

SHA1
d253e71023ccc92476f0ae041314d5f5519f0acf

SHA256
375006f025d1736d3eb122e86a6d91bb89c983fae259063d2281e01b5a2b7c52

SHA512
74fd5f71cbdc1faf4d4bee6265c1b8b99ca5daff7635f87b2aae226ecdd2f47f4e75d6327520632ae4d3937c764fa477f04d77af00f92bf4ae347c4ab0c248c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe

Filesize
468KB

MD5
b99d23a1c348bcac107ec406c139386c

SHA1
55910bc3b1fe2aaa85630c62b813dc1be0741149

SHA256
82904d4590f098348504be8bba84548d7cf9b6d869a9b69a53d171c9c67596ee

SHA512
a9562f9702dd167975679ed195c319d0f8841eab3478d167f359c98de78a7a41ee9030ba2b812dd1acf0d2fc99444d0252469ca5e33c91c3d14c32c16a9c75fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe

Filesize
468KB

MD5
3f70e3b215403649e21b93a114e5035e

SHA1
1ed0b46a5ff29ad1dd7fbcf89058122f3d738128

SHA256
5f9e630c56e5f93df0bee4cb756d946d23d3c719c7987f917989f7f2a38bef16

SHA512
81e3ce16aecd1005f4ceeb946a3c39f56c32c516e69e5c3f731836424a1ca9dc20d8f44d82c7e3a12f93c3871c8d84611080bf37ec57c8d246fa02795ba787b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe

Filesize
468KB

MD5
6084463ab07e47ee101899941a2ad597

SHA1
ce29acbb783953446902752ea121e6eba6c66a02

SHA256
70863b9afc8da612b07326307718063835ee1c46427f5fb26992647240a8e048

SHA512
4ef0f651d8a1c12c184751514588b63fa513c11a90c6a513377a03a47d850ca91149bfe190aaf58cefb01cd19ac313bc4e4769c68acec4d04d9f06f6e2af7fe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe

Filesize
468KB

MD5
b85000a824f316a0b658a777b6514f79

SHA1
bed56f96cab6f2cfa2b32cf07a267265b9f4094c

SHA256
6c7ca7f64ea0bc11c8a0b3054809cd46af3fa9b3a3c471d6e255e949485a6462

SHA512
0bd54acfedfb17e6595c9f081357daffc32bedfbb3f588a337b482bcde75c76e351e769432a3c3b020f741ca25312e965e1d83e830fc83203f46c94c5eaba6e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe

Filesize
468KB

MD5
38310a57e648e3c5c0b0033af8eae8ee

SHA1
45e8d21e9819d4767baedd7b24148723b59e2477

SHA256
e2d3e7e550810395892b6db1b20d249496e223bd5f0ab796e71cedefe6dc216b

SHA512
60025c4c87c74721b65b285af0f1a283e599336ada7e8c943a739134186e5e230f456ada19c9fa1e05d7e1250d3baa026e8a58f2db9a403d5cc861cebf0ae170

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe

Filesize
468KB

MD5
80578cfeda41bfeacd52c08d6c2a87d3

SHA1
abf1590c7d98fae5fe83d3007b3e380fea01d71f

SHA256
a1a44f465289499fde67990c2c08cb5b7e824af3551ef4d98e934bb222762d80

SHA512
4827e3ed2c2c95f270a433eeb2cc8ed71cd43591f674abb77fba67c96c447b7ebf898b40b7a1f2da5edda951929a01b40adbfde67e856928bfd8c9efb197430d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6687.exe

Filesize
468KB

MD5
5a50d00943029fbe5119b072788f67a1

SHA1
0abbeed7a5bcc565f3e0269dbae108b6ac295292

SHA256
6be0f565d87636205ab795b3c8d00dce4c283007cfecfccaa1331bfc0ce3f43b

SHA512
6db483c3f57ccfe118f0a5602d67aea1466d79ebc7d23f16a80fa396b00ef3c2d845aaf025827201f598e8f6bdf18701ad1744647c7f8e6ad1894851237e3495

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe

Filesize
468KB

MD5
b02b2fbf8b45fe8bc4ded35b01f0ff60

SHA1
7d500e40a78bfda1983172d215c2fbcec0918f05

SHA256
7acf892433db421d729c64c2a19705de72829be8a037221d53ebe93c76583668

SHA512
6556cbe8fe32dfa8848b281c239cc004c2a4dd0fb9f9ea27be9671bcda065eb2fe74f38b7ca1c7aa202b39c4826b04430e1e93e6d8eb5f6d6e33384349c4a4a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8311.exe

Filesize
468KB

MD5
28223bc76f1d5edc7fd1a89f11f734db

SHA1
21d8476c57fb33574ccbd6688a73939eb2da542a

SHA256
d6e03d18f2bb5813baf94a59646d0657d4108ac1fabb032aa687722c9dde822d

SHA512
77debb1d6626ee04dc3e488e2c23b190069d85b74da981548b17d627a798c7a4b4573011479e97664e013bb4490bb3096ab15c4f18fab5f643378a92f8d0e249

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13537.exe

Filesize
468KB

MD5
27adc251bfb4d7baec351203c7b8d45a

SHA1
23f2e55b45a191d454a5cfb7a717aa63dbf347e5

SHA256
88b0646449b763e489618d0dcc3462d56a070fcfb3e8443e5dbc2dd51cc637e1

SHA512
9b2b857ee01bf968e52f57cffaf886a55b3141dbaf6e96519ba531c36b867900b6b33c2cbabc7c4f5d0ebb01dfc8100fb15f9db86a2e9d6676ed77df7894f221

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18354.exe

Filesize
468KB

MD5
a2805a78580bfc96fc985f7129569370

SHA1
ce3bf5157ffe61a2a295e0caa22b614e5be5e891

SHA256
be1a6007c1ec77d5cf191764368c9de8dd5c7c9a9689b71c649c2ee8104d198e

SHA512
27a2fd99a2192f1980b61d99eec7f35619650fe42873c19d67ac859ca841157101141680c51222398a7d093baadbef7c06df8c5805f71ac3ec4dc47a006b867b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22046.exe

Filesize
468KB

MD5
aaf68eaab724a3c9acce37339dfcd1a2

SHA1
f9bcd9f72fd0af1cae70f9bec0bc07016a96c9c1

SHA256
0156db8040282d30439eacb9ef68b7c8f54834d9a90b5b63fac2c2008fed8cdc

SHA512
354b91e93113481783ba5d49229bf07e3c6bb17b36a6db152bf7e7d62c2de0560918434b3da3645c20efb5ac88379ff79e18d8d200cf495c3c556a2a43987c11

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe

Filesize
468KB

MD5
9b95cbe0748acfcc32b7e74c54f90624

SHA1
099149cb3653b324ed0180be627d40fa06aebaac

SHA256
47d92f70dd1916245b29545bf3dc8fc53d124c8e1786439209a0e1a3da5245ff

SHA512
6d765ea4f6ba7824e0caf00a2edcc5860cb2eba86466fe41bf42c4ead6310d8b12430f9775d87466cffb3dccfc4a42f9b6115c6f07e941f3a0aefb4b5d82b338

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe

Filesize
468KB

MD5
e4c16e1db7f0edeac6e15bfe067bbfdb

SHA1
af44cdf606d43823f76692808847b2192be3f5d6

SHA256
3fd41094393f8882d7b704ac9f33a6696a4aceb06828cff4a5469a59594e17dd

SHA512
eae52179308d7dbaa8f976ea1aa32e540aac9801ae4c8ba9a6491e2a232b49ba6c47dde217e8673b5118270d297dff74a333c6b76985634765cdbcf0ad2ab9ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe

Filesize
468KB

MD5
d23d194dab59338763de9aa161765d63

SHA1
d0e8b50dad2404d39ebd6fba1c775e7fa2e56a7c

SHA256
7827f05f2b2bb14b44698961f6d5b6389eb0d8238a2d405aaf8eec206418e18d

SHA512
24fc277ef53deac84d61384a04739dfedebb8c9001cd1bbe54f34df24c25333814f4b67c9b9e18fedd76b456087fd0f0f7af72c3080fef79bd41ef5098e836e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48078.exe

Filesize
468KB

MD5
5f499685117f88c4aeb464bdcd66dc11

SHA1
d0c902c551136a9d3d61bee31f75494af322b973

SHA256
06e37e28553ec026977b2eb184f59b3ebf9fc80a4b3d7b9f4b76fc1c4d8c58fc

SHA512
1abcd6da5b8779483caf28215cabe6892182828dade353b2b46f53afdfe00e8098313ed8a7771a59949d2bfe04ecce68ee99b9e9d504a421ae61b743e4fb27d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe

Filesize
468KB

MD5
af4bdc7b29ab8d4222cca961f2564c6c

SHA1
d8119aa54c4d225c2754d0ff05dedf98972475c2

SHA256
cb7344a9c749f745763b7aea51b838ec865fcd4e6a0f3426c18ef6ca508604ab

SHA512
933f00f8bda58e65c872671a8455374da767adb63bf8c41cacfec2d93d2ff6093e5986ea400bc43e0bbc1f502e13de9dda2b8c11d502ee5df76cdf9f4ad9c5e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe

Filesize
468KB

MD5
d7a9eb7e71802199620ad214b10c7a28

SHA1
1daebbd83e324eb2cbb93ba0567990d0d03f54a4

SHA256
9ed8347ef54dbfa6483e01cbd42e354ecdf9a2a4005b997d966dc4adcc3325c7

SHA512
354a85ed51844751425414c1dda71bd1de5dfddd041afb9085ea5be793edb11507e7d05acd6f283d54dda3e347c21735738d5a708ee6ad2d06f3ab3cfe26c471

Download Submit