fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0

Analysis

max time kernel
118s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe
Size

468KB
MD5

a95597be068bf7c7096f9841b2e624b0
SHA1

4b97b6094f529bfa2f51467a71293dae36443c9a
SHA256

fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0
SHA512

09d4a6f12d8b5af412ef99043462a1eab2b2012114179a0e2a94f04ac1c211c45aa72463e93c3de6a901795dfbdebea7bc7b2755f0568caa8dd94d7b527813b0
SSDEEP

3072:VoA3ogM+Ig5UtbYFXz5jcf8/q942PgpucmHmGVsOhYk8Fpp9AAl9:VosobQUt+Xtjcf3cDChYNTp9A

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2432	Unicorn-55396.exe
3048	Unicorn-55718.exe
2012	Unicorn-31768.exe
2848	Unicorn-42371.exe
1744	Unicorn-23988.exe
2796	Unicorn-10253.exe
2876	Unicorn-30119.exe
2652	Unicorn-33492.exe
2244	Unicorn-29770.exe
1212	Unicorn-37384.exe
1784	Unicorn-37384.exe
1740	Unicorn-5863.exe
540	Unicorn-5598.exe
1424	Unicorn-65270.exe
2460	Unicorn-51535.exe
2292	Unicorn-33814.exe
2724	Unicorn-53528.exe
2252	Unicorn-45874.exe
2964	Unicorn-55386.exe
1060	Unicorn-49256.exe
3040	Unicorn-51665.exe
1964	Unicorn-59278.exe
2464	Unicorn-18992.exe
1992	Unicorn-38858.exe
1676	Unicorn-38858.exe
1980	Unicorn-30306.exe
848	Unicorn-22138.exe
1256	Unicorn-5039.exe
1872	Unicorn-1452.exe
2092	Unicorn-40704.exe
588	Unicorn-26968.exe
1412	Unicorn-16383.exe
1776	Unicorn-51285.exe
564	Unicorn-42231.exe
1520	Unicorn-59314.exe
1496	Unicorn-13642.exe
2904	Unicorn-42977.exe
2776	Unicorn-50591.exe
3028	Unicorn-59122.exe
2832	Unicorn-13185.exe
2860	Unicorn-9366.exe
2980	Unicorn-31632.exe
2912	Unicorn-58375.exe
2692	Unicorn-9537.exe
2420	Unicorn-21235.exe
2756	Unicorn-27217.exe
2600	Unicorn-22579.exe
1736	Unicorn-22579.exe
868	Unicorn-22579.exe
2376	Unicorn-22941.exe
1840	Unicorn-24424.exe
1848	Unicorn-18303.exe
1552	Unicorn-63974.exe
1228	Unicorn-1966.exe
2812	Unicorn-59642.exe
2944	Unicorn-34447.exe
2824	Unicorn-22195.exe
2196	Unicorn-55167.exe
2456	Unicorn-59563.exe
2932	Unicorn-29193.exe
2616	Unicorn-19756.exe
1288	Unicorn-25702.exe
968	Unicorn-21064.exe
912	Unicorn-21426.exe

Loads dropped DLL 64 IoCs

pid	Process
2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe
2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe
2432	Unicorn-55396.exe
2432	Unicorn-55396.exe
2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe
2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe
2012	Unicorn-31768.exe
2012	Unicorn-31768.exe
2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe
2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe
2432	Unicorn-55396.exe
2432	Unicorn-55396.exe
3048	Unicorn-55718.exe
3048	Unicorn-55718.exe
2848	Unicorn-42371.exe
2848	Unicorn-42371.exe
2012	Unicorn-31768.exe
2012	Unicorn-31768.exe
2796	Unicorn-10253.exe
2876	Unicorn-30119.exe
2796	Unicorn-10253.exe
2876	Unicorn-30119.exe
2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe
1744	Unicorn-23988.exe
2432	Unicorn-55396.exe
3048	Unicorn-55718.exe
2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe
1744	Unicorn-23988.exe
2432	Unicorn-55396.exe
3048	Unicorn-55718.exe
2652	Unicorn-33492.exe
2652	Unicorn-33492.exe
2848	Unicorn-42371.exe
2848	Unicorn-42371.exe
2244	Unicorn-29770.exe
2244	Unicorn-29770.exe
1784	Unicorn-37384.exe
1784	Unicorn-37384.exe
2012	Unicorn-31768.exe
2012	Unicorn-31768.exe
2876	Unicorn-30119.exe
2876	Unicorn-30119.exe
1740	Unicorn-5863.exe
1740	Unicorn-5863.exe
1744	Unicorn-23988.exe
1744	Unicorn-23988.exe
1424	Unicorn-65270.exe
540	Unicorn-5598.exe
1424	Unicorn-65270.exe
540	Unicorn-5598.exe
2460	Unicorn-51535.exe
2460	Unicorn-51535.exe
1212	Unicorn-37384.exe
1212	Unicorn-37384.exe
2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe
2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe
2432	Unicorn-55396.exe
2432	Unicorn-55396.exe
3048	Unicorn-55718.exe
3048	Unicorn-55718.exe
2796	Unicorn-10253.exe
2796	Unicorn-10253.exe
2724	Unicorn-53528.exe
2724	Unicorn-53528.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3084	1760	WerFault.exe	101

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53175.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21426.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56998.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe
2432	Unicorn-55396.exe
2012	Unicorn-31768.exe
3048	Unicorn-55718.exe
2848	Unicorn-42371.exe
2876	Unicorn-30119.exe
1744	Unicorn-23988.exe
2796	Unicorn-10253.exe
2652	Unicorn-33492.exe
2244	Unicorn-29770.exe
1212	Unicorn-37384.exe
1784	Unicorn-37384.exe
1740	Unicorn-5863.exe
2460	Unicorn-51535.exe
1424	Unicorn-65270.exe
540	Unicorn-5598.exe
2724	Unicorn-53528.exe
2292	Unicorn-33814.exe
2252	Unicorn-45874.exe
2964	Unicorn-55386.exe
1060	Unicorn-49256.exe
3040	Unicorn-51665.exe
1964	Unicorn-59278.exe
2464	Unicorn-18992.exe
1676	Unicorn-38858.exe
1992	Unicorn-38858.exe
1980	Unicorn-30306.exe
848	Unicorn-22138.exe
1256	Unicorn-5039.exe
1872	Unicorn-1452.exe
588	Unicorn-26968.exe
2092	Unicorn-40704.exe
1412	Unicorn-16383.exe
1776	Unicorn-51285.exe
564	Unicorn-42231.exe
1496	Unicorn-13642.exe
2904	Unicorn-42977.exe
1520	Unicorn-59314.exe
2776	Unicorn-50591.exe
2832	Unicorn-13185.exe
2860	Unicorn-9366.exe
3028	Unicorn-59122.exe
2980	Unicorn-31632.exe
2912	Unicorn-58375.exe
2692	Unicorn-9537.exe
2420	Unicorn-21235.exe
2756	Unicorn-27217.exe
2600	Unicorn-22579.exe
868	Unicorn-22579.exe
1736	Unicorn-22579.exe
1840	Unicorn-24424.exe
1848	Unicorn-18303.exe
1552	Unicorn-63974.exe
2376	Unicorn-22941.exe
1228	Unicorn-1966.exe
2812	Unicorn-59642.exe
2944	Unicorn-34447.exe
2824	Unicorn-22195.exe
2196	Unicorn-55167.exe
2456	Unicorn-59563.exe
2932	Unicorn-29193.exe
2616	Unicorn-19756.exe
1288	Unicorn-25702.exe
968	Unicorn-21064.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 2432	2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe	31
PID 2424 wrote to memory of 2432	2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe	31
PID 2424 wrote to memory of 2432	2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe	31
PID 2424 wrote to memory of 2432	2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe	31
PID 2432 wrote to memory of 3048	2432	Unicorn-55396.exe	32
PID 2432 wrote to memory of 3048	2432	Unicorn-55396.exe	32
PID 2432 wrote to memory of 3048	2432	Unicorn-55396.exe	32
PID 2432 wrote to memory of 3048	2432	Unicorn-55396.exe	32
PID 2424 wrote to memory of 2012	2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe	33
PID 2424 wrote to memory of 2012	2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe	33
PID 2424 wrote to memory of 2012	2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe	33
PID 2424 wrote to memory of 2012	2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe	33
PID 2012 wrote to memory of 2848	2012	Unicorn-31768.exe	34
PID 2012 wrote to memory of 2848	2012	Unicorn-31768.exe	34
PID 2012 wrote to memory of 2848	2012	Unicorn-31768.exe	34
PID 2012 wrote to memory of 2848	2012	Unicorn-31768.exe	34
PID 2424 wrote to memory of 1744	2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe	35
PID 2424 wrote to memory of 1744	2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe	35
PID 2424 wrote to memory of 1744	2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe	35
PID 2424 wrote to memory of 1744	2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe	35
PID 2432 wrote to memory of 2796	2432	Unicorn-55396.exe	36
PID 2432 wrote to memory of 2796	2432	Unicorn-55396.exe	36
PID 2432 wrote to memory of 2796	2432	Unicorn-55396.exe	36
PID 2432 wrote to memory of 2796	2432	Unicorn-55396.exe	36
PID 3048 wrote to memory of 2876	3048	Unicorn-55718.exe	37
PID 3048 wrote to memory of 2876	3048	Unicorn-55718.exe	37
PID 3048 wrote to memory of 2876	3048	Unicorn-55718.exe	37
PID 3048 wrote to memory of 2876	3048	Unicorn-55718.exe	37
PID 2848 wrote to memory of 2652	2848	Unicorn-42371.exe	38
PID 2848 wrote to memory of 2652	2848	Unicorn-42371.exe	38
PID 2848 wrote to memory of 2652	2848	Unicorn-42371.exe	38
PID 2848 wrote to memory of 2652	2848	Unicorn-42371.exe	38
PID 2012 wrote to memory of 2244	2012	Unicorn-31768.exe	39
PID 2012 wrote to memory of 2244	2012	Unicorn-31768.exe	39
PID 2012 wrote to memory of 2244	2012	Unicorn-31768.exe	39
PID 2012 wrote to memory of 2244	2012	Unicorn-31768.exe	39
PID 2796 wrote to memory of 1212	2796	Unicorn-10253.exe	40
PID 2796 wrote to memory of 1212	2796	Unicorn-10253.exe	40
PID 2796 wrote to memory of 1212	2796	Unicorn-10253.exe	40
PID 2796 wrote to memory of 1212	2796	Unicorn-10253.exe	40
PID 2876 wrote to memory of 1784	2876	Unicorn-30119.exe	41
PID 2876 wrote to memory of 1784	2876	Unicorn-30119.exe	41
PID 2876 wrote to memory of 1784	2876	Unicorn-30119.exe	41
PID 2876 wrote to memory of 1784	2876	Unicorn-30119.exe	41
PID 2424 wrote to memory of 540	2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe	42
PID 2424 wrote to memory of 540	2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe	42
PID 2424 wrote to memory of 540	2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe	42
PID 2424 wrote to memory of 540	2424	fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe	42
PID 1744 wrote to memory of 1740	1744	Unicorn-23988.exe	43
PID 1744 wrote to memory of 1740	1744	Unicorn-23988.exe	43
PID 1744 wrote to memory of 1740	1744	Unicorn-23988.exe	43
PID 1744 wrote to memory of 1740	1744	Unicorn-23988.exe	43
PID 2432 wrote to memory of 1424	2432	Unicorn-55396.exe	44
PID 2432 wrote to memory of 1424	2432	Unicorn-55396.exe	44
PID 2432 wrote to memory of 1424	2432	Unicorn-55396.exe	44
PID 2432 wrote to memory of 1424	2432	Unicorn-55396.exe	44
PID 3048 wrote to memory of 2460	3048	Unicorn-55718.exe	45
PID 3048 wrote to memory of 2460	3048	Unicorn-55718.exe	45
PID 3048 wrote to memory of 2460	3048	Unicorn-55718.exe	45
PID 3048 wrote to memory of 2460	3048	Unicorn-55718.exe	45
PID 2652 wrote to memory of 2292	2652	Unicorn-33492.exe	46
PID 2652 wrote to memory of 2292	2652	Unicorn-33492.exe	46
PID 2652 wrote to memory of 2292	2652	Unicorn-33492.exe	46
PID 2652 wrote to memory of 2292	2652	Unicorn-33492.exe	46

C:\Users\Admin\AppData\Local\Temp\fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe
"C:\Users\Admin\AppData\Local\Temp\fc54173baf7799c3ed0b1ae8d23a4a04e73d17da2b6fd2e2bc86b2fc63fc86c0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55396.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55396.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55386.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21426.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        8⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64871.exe
        7⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43744.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46557.exe
        7⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59122.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56149.exe
        7⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53168.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        7⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        7⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        7⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32525.exe
        7⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58292.exe
        6⤵
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36405.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57789.exe
        6⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
        6⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51665.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26444.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
        8⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52911.exe
        8⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25190.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        7⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54725.exe
        7⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39215.exe
        6⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        7⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        7⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        7⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe
        6⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
        6⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        6⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        6⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8632.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5798.exe
        6⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        6⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        6⤵
        
        PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50321.exe
        5⤵
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43340.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58576.exe
        6⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52911.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19567.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31195.exe
        5⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        5⤵
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23775.exe
        5⤵
        
        PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21235.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        7⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36795.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50931.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
        8⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46027.exe
        7⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
        6⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28965.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        7⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        7⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        7⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
        6⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        6⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
        6⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        6⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        6⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        7⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60059.exe
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        7⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29041.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        6⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        6⤵
        
        PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
        5⤵
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14527.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47731.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        5⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46557.exe
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34447.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
        6⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4490.exe
        6⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        6⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        6⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
        5⤵
        
        PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        5⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        5⤵
        
        PID:7000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59563.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53175.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        6⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        5⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        5⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        5⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        5⤵
        
        PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19590.exe
      4⤵
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        5⤵
        
        PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
      4⤵
      PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
      4⤵
      PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
      4⤵
      PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
      4⤵
      PID:6932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11144.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41804.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46027.exe
        8⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        7⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48131.exe
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30720.exe
        6⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52911.exe
        7⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22367.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        6⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        6⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63974.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47766.exe
        7⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        7⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
        7⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
        7⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8632.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29041.exe
        6⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        6⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28233.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55899.exe
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
        5⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        5⤵
        
        PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        6⤵
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        6⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
        6⤵
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        6⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
        5⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        5⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        5⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
        5⤵
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
        5⤵
        
        PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43300.exe
      4⤵
      PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5386.exe
      4⤵
      PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
      4⤵
      PID:5972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38858.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
        6⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
        8⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        8⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65316.exe
        7⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        7⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        7⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        7⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        6⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57600.exe
        7⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        7⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58823.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        6⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        6⤵
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
        5⤵
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27329.exe
        6⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        5⤵
        
        PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        5⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
        5⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        5⤵
        
        PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
        5⤵
        
        PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        5⤵
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10325.exe
      4⤵
      PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
      4⤵
      PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
      4⤵
      PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
      4⤵
      PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1452.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18303.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31837.exe
        5⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44009.exe
        6⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        6⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
        6⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18895.exe
        6⤵
        
        PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52597.exe
        5⤵
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        5⤵
        
        PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        5⤵
        
        PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
      4⤵
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51658.exe
        5⤵
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32218.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        5⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        5⤵
        
        PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31715.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
      4⤵
      PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
      4⤵
      PID:6040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
      4⤵
      PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8632.exe
      4⤵
      PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4490.exe
      4⤵
      PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
      4⤵
      PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
      4⤵
      PID:6580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
    3⤵
    PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
      4⤵
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
      4⤵
      PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
      4⤵
      PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
      4⤵
      PID:6424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
    3⤵
    PID:3316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
    3⤵
    PID:4396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
    3⤵
    PID:6600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31768.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31768.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33492.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33814.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        8⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-795.exe
        7⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40723.exe
        7⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        7⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        6⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
        7⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        7⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        7⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55530.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        6⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        6⤵
        
        PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59314.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
        6⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe
        7⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        7⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        7⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
        7⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
        6⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12274.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe
        6⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
        6⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        6⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
        5⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
        5⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53528.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16383.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19756.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
        7⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
        8⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        8⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        7⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
        6⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33785.exe
        7⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64564.exe
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        6⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        6⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
        6⤵
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe
        6⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6660.exe
        5⤵
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1690.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
        5⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
        5⤵
        
        PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51285.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40747.exe
        6⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
        7⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        6⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50930.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        5⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        5⤵
        
        PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45111.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
        5⤵
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4490.exe
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
        5⤵
        
        PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
      4⤵
      PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
      4⤵
      PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
      4⤵
      PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
      4⤵
      PID:6904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29770.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13642.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
        6⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        7⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        7⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
        7⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19615.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13802.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        7⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        6⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13066.exe
        5⤵
        
        PID:716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40747.exe
        6⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28141.exe
        7⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
        7⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54211.exe
        6⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        6⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63781.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20038.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
        5⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        5⤵
        
        PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42977.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
        5⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe
        6⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        6⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60975.exe
        5⤵
        
        PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23384.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        5⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        5⤵
        
        PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
      4⤵
      PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
      4⤵
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18987.exe
      4⤵
      PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23046.exe
      4⤵
      PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
      4⤵
      PID:6208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50591.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
        5⤵
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29969.exe
        6⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
        6⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        6⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52480.exe
        5⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        5⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        5⤵
        
        PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
      4⤵
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        5⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        5⤵
        
        PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
      4⤵
      PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
      4⤵
      PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48891.exe
      4⤵
      PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10072.exe
      4⤵
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40747.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        6⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe
        6⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
        5⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe
      4⤵
      PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14173.exe
      4⤵
      PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
      4⤵
      PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
      4⤵
      PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
      4⤵
      PID:6808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
    3⤵
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49107.exe
      4⤵
      PID:876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
      4⤵
      PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
      4⤵
      PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
      4⤵
      PID:5368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe
    3⤵
    PID:1240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
    3⤵
    PID:3712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62994.exe
    3⤵
    PID:4104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
    3⤵
    PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
    3⤵
    PID:6104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23988.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23988.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        5⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
        6⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        6⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        6⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
        6⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31679.exe
        5⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18139.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe
        5⤵
        
        PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49443.exe
      4⤵
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21614.exe
        5⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        6⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8632.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17491.exe
        5⤵
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
        5⤵
        
        PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25241.exe
      4⤵
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
        5⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60059.exe
        5⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18895.exe
        5⤵
        
        PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
      4⤵
      PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31195.exe
      4⤵
      PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
      4⤵
      PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
      4⤵
      PID:5992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        5⤵
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
        6⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
        6⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45703.exe
        6⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        5⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        5⤵
        
        PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
      4⤵
      PID:812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        5⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16062.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
      4⤵
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40723.exe
      4⤵
      PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
      4⤵
      PID:6644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42937.exe
      4⤵
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe
        5⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4989.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
        5⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        5⤵
        
        PID:6476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4566.exe
      4⤵
      PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
      4⤵
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
      4⤵
      PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
      4⤵
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41551.exe
      4⤵
      PID:6128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9807.exe
    3⤵
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
      4⤵
      PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
      4⤵
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
      4⤵
      PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
      4⤵
      PID:6780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11225.exe
    3⤵
    PID:2164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20925.exe
    3⤵
    PID:3468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
    3⤵
    PID:4688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
    3⤵
    PID:5936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
    3⤵
    PID:6444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5598.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5598.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38858.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        5⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe
        6⤵
        
        PID:1912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
        6⤵
        Program crash
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64195.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        5⤵
        
        PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35707.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe
        5⤵
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
        5⤵
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        5⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        5⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        5⤵
        
        PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
      4⤵
      PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29250.exe
      4⤵
      PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
      4⤵
      PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
      4⤵
      PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9537.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18682.exe
      4⤵
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
        5⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        5⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe
        5⤵
        
        PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
      4⤵
      PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
      4⤵
      PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
      4⤵
      PID:7016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
    3⤵
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
      4⤵
      PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41870.exe
      4⤵
      PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
      4⤵
      PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
      4⤵
      PID:6660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
    3⤵
    PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9474.exe
    3⤵
    PID:3124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe
    3⤵
    PID:4776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
    3⤵
    PID:5816
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5039.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5039.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1966.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2864.exe
      4⤵
      PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
        5⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        5⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        5⤵
        
        PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41706.exe
      4⤵
      PID:1404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
      4⤵
      PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
      4⤵
      PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
      4⤵
      PID:6084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
    3⤵
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
      4⤵
      PID:6824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46104.exe
    3⤵
    PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
    3⤵
    PID:4700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
    3⤵
    PID:5260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
    3⤵
    PID:6612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
    3⤵
    PID:2968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4490.exe
    3⤵
    PID:4180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
    3⤵
    PID:5316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
    3⤵
    PID:6756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50157.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50157.exe
  2⤵
  PID:2880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14078.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14078.exe
  2⤵
  PID:3232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
  2⤵
  PID:4376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
  2⤵
  PID:5552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
  2⤵
  PID:6512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe

Filesize
468KB

MD5
7dd9fc5b17382377bec9065b1e7f1d6e

SHA1
2ff3d75773975a929735778e4df36484e0626909

SHA256
ec14096b4edec911b05bc77b8d36e56fb580295b35e28deacae7de624de3d57d

SHA512
1806a62471fae81da3dfa9b9a279eb9e97da1d5e3afa7171366e54a841905ac882df5082514ef5ae0cf7c8526e5eee1a7da9a5d0f42b3b799f896a77afcff270

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23988.exe

Filesize
468KB

MD5
e5935933339c6ef1e3935313a52bfdb3

SHA1
651bfcac415f48b96ce3cf0aadca018d1b65f014

SHA256
ddef245a6677a55bead26d1a9db9db265dae1e95ea38e6508444703fe6346fd7

SHA512
3368e3ef3dc35dce7ca3dd396d858d421e600ac23ea8b7ef149a092b18b6c58a09578d01b19eaa8659c5c6923d3699f15977a4cb20e0772dd9f4bde6d54c8d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe

Filesize
468KB

MD5
41bbbc6a5426da47ed612d7b7d280bbf

SHA1
0730f87e2fbaf1fd53a200a11a92839d5bae6870

SHA256
61bfb545b2c480026cc081ebbcba08902a42d6314ce032241cb3f54cd5a6587f

SHA512
931be76988bde9fd6a167a7cd939f6d21f8b22a543cd7c8514660e5d7dede2349407cb1309df4e78b47bf0f743b6f4b8b8580e2d9f6c02a45cea45c03b0146f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe

Filesize
468KB

MD5
54ad10d0c9fb6671d85e8ce8835159b3

SHA1
f1ad7c6b966873b06089a084f6dafe41bbef75fe

SHA256
96705a7a3708d6cc460f00719b5a09959b0d1dc8f791a8f9b2ea7112f5245b4c

SHA512
4e6606fb6932912acf157460eed88f75c88df5df8ad5cdb0753307ac24b96f1c0d06a7e3dce2c344d3e17732d23bd78773c6424b0c741e938d9ffad8b608fdf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe

Filesize
468KB

MD5
1e0c5fd6df4aee990b1486d2d6f27cca

SHA1
b67d5b489b21d6f77b78e01be84ca92cc1afe5f4

SHA256
cdc483f4d95d4dc2f40a0739ef5c0157572d416d5aa4232d198edacfdcbf301a

SHA512
79c4df87d73f100f295d00708bc70a3682b0a9f947d1e51937005028f94cd7d912195116e274659d26e020497b7f782b8b6fa26e232554d222cb203fd538baf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe

Filesize
468KB

MD5
afe2653b6b9230ffa6a5c245243b0397

SHA1
c8655289078c5c505f39b2437f166f813c55f824

SHA256
ea4e23e441fd9fd4887204fabe2f4148db5159229f48faf1463ecae81bac3c81

SHA512
846424d0211d273d0c723fd8c869581f3a4ba28bef886c6f1ee29e1dca330bdda181cff9edd3c93bd1ab8e8b9dc8f5b14066a0a40a668c4710364f4bf2cd88f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe

Filesize
468KB

MD5
d712198270f8bb7cc10f46952fbc2a9d

SHA1
22f4fb2e4d73406f24d09058ad83320e1d872b15

SHA256
81ab1ada4a2807fcb743255e7bc46d48e364246ca3d0934204b110857b74e188

SHA512
3e56309cf012925c5b38ecdd36641c248a97ea20bd259c1c2a284e4f90bc855b0a91362cf8113feac8f06b53c08fe950a1a4c02d2a6ad4e26290547b663c0ec3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe

Filesize
468KB

MD5
89d4b81c0ef95aaf3b0d375829f731b6

SHA1
a8e9f0ae5a06e0f95db043be1a6b48f05c0028dd

SHA256
a8369af25a6fe4580a7bf3d54cd8f582dc3be0afbcc75741acd448871382070c

SHA512
8bf7dbb7600f06b860b746d5801fbb0c3cd7e01a32dfb29a1c1111b31e989bced7c05d04553797b4a32c19c57131d6e53e346206beb27f377668ac8d1e7c6bb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53528.exe

Filesize
468KB

MD5
b4ad417cc24b388825cb7d6c088b5338

SHA1
04690320db7821efae2782eb8f67e60b280f043c

SHA256
8cd6825fa898af7df680f7202d519daf9b61c0ae4b2c315cb826216e42d5e83c

SHA512
2956aebc18bc908fd29e5e3e7eb305987f2f2af7ecd9dcc6a258586fa151b5f31f222b8e23cccbf9208f0acae0436a42b49565b135ccb1dc43252720729bfc98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe

Filesize
468KB

MD5
083a8fdcd45d297baef1148891fd7881

SHA1
c26560cc1acd6429f322609afb606d5406527d81

SHA256
16b96f2195561f90fdd329c6432b5160420ad23840791991d50580e0caa4a609

SHA512
7be42ce998b89fa127066154590b2a5bb1113bbc0fa17f87667d65e18fea1f6c0a892f48c32bcbfd5cf28fd53f639d116c92db9bfaddc802b13682592e11de73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe

Filesize
468KB

MD5
8fd21f72a15e57901fc76580db70e483

SHA1
406d851494dfae30cc36d3405f42c675e4387df9

SHA256
1da209529630af74f0129828e4b45d132b5a7a62bca6a3a42d0d1f4cd2c5c8f6

SHA512
c9d6fea7d0e89ddf56574a3fafdc0f918820911880eee48eec3a2d9bec5e4652b1c23a20d7de225d14be8a639e3eda963e271dfdbdc93bc14f7b983aa2b3e68b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29770.exe

Filesize
468KB

MD5
288d363c22984fbd5bffc8a12da0bbad

SHA1
59a41fcd6e2fac749731cf5edab856fa8bde2501

SHA256
3a7dce12863c69a54e672ad6df2f416e6f1b97cb71db919664d2c42ea64a71b3

SHA512
3d3e677cbbeacd12417d1167460c8477d5394a1a19bb8cc7c02c4bf871f166d16cfc6bebce331f7b37fbb84f386a3011852669285e28141c969e9d4da7afef6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe

Filesize
468KB

MD5
f6341843e3556547ddafe060b8a38112

SHA1
65f39ec58ce066398042b640cde2df8294ff324b

SHA256
c2edaab69c16649aa008d6d506cceb516dce6e19755cfe5e2a8e5bcafde18346

SHA512
837cab322fd32ec2b95ef5d52b25e72b928ff4b9d3d6d134ef7d60e39af44a8696ab89018a39f191da810a6bdfc169054aa43bf3d23c5b84c59dcc2c3062ae2c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31768.exe

Filesize
468KB

MD5
1b6bb28285f46a0505bdadce69019e82

SHA1
338747f5fe48d84371cf231e34160bf9a43920a8

SHA256
7b4c21ec54e1240980040f7c709de9873210c711866790e3f8ea6b80647447e8

SHA512
78187a780628198694d1dc6eba78ec01f1a93c698395c22ee9557348247176b96823b45e9d319d365c04836292a5ac0340d6537d6c06a5714ca94727a8ab45fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33492.exe

Filesize
468KB

MD5
dc279ff5e2fba50043ae8acdfe35c213

SHA1
5e5f1096d271d779804e4dc8244ba4273d6d48d6

SHA256
ab079c922baca7d9bffccacafcf1c0a56f69526ce49d1ecc67628fb7ba8b4c4b

SHA512
c3dd8ba3e7e7cefa20825dfee09b8df21aabaaeb30191d856d6c98812db824f94ce77a243216cdac60ac2dcfc01e77e006fa57da908a2dbc10f5777fe03fe846

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33814.exe

Filesize
468KB

MD5
2434e7e4d24822069176f02910d278b5

SHA1
63ec9aca9c13879274bc2299ec6f4d603d39e53a

SHA256
701f0271ebc8efdafc1d6371a9c80eacd494205a9680b26cefdb544647868df4

SHA512
30b9603273eea5c1ab8401b4b4b301e19f18531f017101bdffaea3369a60b7f2dee9bb0007fdb6b108795ce4cbe9196319d918f9a03a9e080aed0a9903bb306e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe

Filesize
468KB

MD5
71860dc8173c31804baacb9d7afbecff

SHA1
2bcecfd3e0fc7178a1ad9fbc9534bb25fb1ca2a3

SHA256
801e7cd490c4e5c7d46fa5f0fee3a8c137557d266f7a2a2909f3a131c98cc8ed

SHA512
d4686c95b07c658de3cdec1e0e2c64377a594725ac5ad109aefa34305702a7fcf2b24735f5305dbd45f5d5e63d439ae913bb84a600f4e36a8ee7f814ecb3f00d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55396.exe

Filesize
468KB

MD5
e61ff7e7fc343a90c49460c34292e9a1

SHA1
da2922cffbdcd07b9ea231deb4f3bbc893b53ae9

SHA256
6050e09afe77ae94f99b147e851a397db88f5d66cc84133f0b51faadd4703582

SHA512
23d2396d321874537226bac4c7136c9028b3520580fd73270493b6a1166d6dcb899715eaf79c7a92326703759b90cd8f4edc495396c07c716e2bc5f8a46f876b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe

Filesize
468KB

MD5
c7b4daba8d18cde6033d8ac7231cfd5c

SHA1
9b28cc081613fef913e7f1c28b89b5a300b76f92

SHA256
b48e3ff53a207044f40fee0709584c6de707caacf7fd0933759006b0093579fc

SHA512
3d3e715ed1a0af995b5b8647c1057ab6de7565bd37d98e1de7de409333f372b5fb6b48bc7e5908c1a2ae8a1fe87689ca52768bd72fcff27c780249c407779ca8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5598.exe

Filesize
468KB

MD5
a7e960fd32b2dc279b076dff49ccc881

SHA1
dd588dca163ff6882554b550c8be229857aeb22f

SHA256
3b7499fc4b8fce4a5253bd867384074d6500a9f235698e8f8a6c517d8c444597

SHA512
7a79d423bd420e8b154857735ac6c5d84aef03450609319e7e56cc0342d98bf7f34b53b6d166f787d3e2ad63d9a8a495bd18ea19f96c46f9dfe8064849922434

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe

Filesize
468KB

MD5
5809f659f92e2fda1d6d2ba3fd07c6ad

SHA1
fc9837e671705e2bddb98d5af462142909799b0d

SHA256
0e677fa48d52df29e3ec8870c86ae2a2f140661c94b7728ef9fd494013a850c7

SHA512
a1ba75cd4922f8cefa90c755d24dd6e4c7bdadd1585e70d353a9f3fdd56947370e14b8a730128c0b3ea9a401b3ed02de472092121fbe60981b1bccaf2bb78f2d

Download Submit