b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9b

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 13:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe
Size

468KB
MD5

4ff907525efd15a2aa05c107c0cecf10
SHA1

67ef52eaac728aae5ca9ea6be50f00a2e967b748
SHA256

b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9b
SHA512

371f6a198980586d20491f23562833b0894498201d4814ca6cd61dbb2a60494b9984351e18f4f9eeb7945e3e8fe46beb2ffa027ae1e97f781beac909b29497f2
SSDEEP

3072:8qm8ogWxj28U2bYcPzsgqf8/lC7wG4plPmHxC/HmN7g+2bHN+Il7:8qhoxXU2XPggqf1EcRN7XgHN+

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
680	Unicorn-52046.exe
2772	Unicorn-52212.exe
2788	Unicorn-48299.exe
3008	Unicorn-44859.exe
2620	Unicorn-33161.exe
2752	Unicorn-3826.exe
2604	Unicorn-30752.exe
1964	Unicorn-50178.exe
2816	Unicorn-14168.exe
2016	Unicorn-17506.exe
1708	Unicorn-2876.exe
1388	Unicorn-22742.exe
1016	Unicorn-30645.exe
2940	Unicorn-30910.exe
2684	Unicorn-275.exe
1968	Unicorn-2212.exe
2976	Unicorn-56436.exe
1776	Unicorn-34200.exe
1620	Unicorn-49559.exe
824	Unicorn-11688.exe
564	Unicorn-43100.exe
2080	Unicorn-39570.exe
2840	Unicorn-12273.exe
1916	Unicorn-34740.exe
888	Unicorn-51195.exe
2432	Unicorn-51460.exe
1484	Unicorn-10982.exe
2292	Unicorn-30848.exe
2732	Unicorn-28470.exe
2780	Unicorn-39406.exe
2796	Unicorn-35591.exe
2096	Unicorn-3281.exe
2228	Unicorn-65139.exe
2208	Unicorn-19757.exe
1768	Unicorn-46949.exe
1852	Unicorn-53079.exe
1656	Unicorn-45466.exe
2848	Unicorn-65331.exe
1552	Unicorn-20385.exe
1912	Unicorn-23723.exe
2100	Unicorn-3857.exe
2156	Unicorn-42481.exe
2152	Unicorn-44527.exe
2160	Unicorn-57334.exe
1172	Unicorn-5009.exe
1732	Unicorn-24875.exe
628	Unicorn-45414.exe
788	Unicorn-57931.exe
1756	Unicorn-3301.exe
804	Unicorn-28767.exe
2440	Unicorn-16000.exe
1696	Unicorn-48118.exe
2500	Unicorn-62408.exe
1492	Unicorn-11169.exe
2808	Unicorn-36058.exe
2284	Unicorn-16192.exe
2444	Unicorn-56478.exe
2648	Unicorn-1147.exe
2844	Unicorn-24003.exe
1836	Unicorn-8045.exe
2956	Unicorn-5668.exe
2192	Unicorn-34256.exe
3064	Unicorn-9005.exe
2972	Unicorn-14935.exe

Loads dropped DLL 64 IoCs

pid	Process
2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe
2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe
680	Unicorn-52046.exe
680	Unicorn-52046.exe
2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe
2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe
2772	Unicorn-52212.exe
2772	Unicorn-52212.exe
680	Unicorn-52046.exe
680	Unicorn-52046.exe
2788	Unicorn-48299.exe
2788	Unicorn-48299.exe
2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe
2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe
3008	Unicorn-44859.exe
3008	Unicorn-44859.exe
2772	Unicorn-52212.exe
2772	Unicorn-52212.exe
2752	Unicorn-3826.exe
2752	Unicorn-3826.exe
2788	Unicorn-48299.exe
2788	Unicorn-48299.exe
2604	Unicorn-30752.exe
2604	Unicorn-30752.exe
2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe
2620	Unicorn-33161.exe
2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe
2620	Unicorn-33161.exe
680	Unicorn-52046.exe
680	Unicorn-52046.exe
1964	Unicorn-50178.exe
1964	Unicorn-50178.exe
3008	Unicorn-44859.exe
3008	Unicorn-44859.exe
2816	Unicorn-14168.exe
2816	Unicorn-14168.exe
2772	Unicorn-52212.exe
2772	Unicorn-52212.exe
2016	Unicorn-17506.exe
2016	Unicorn-17506.exe
1708	Unicorn-2876.exe
1708	Unicorn-2876.exe
2752	Unicorn-3826.exe
2752	Unicorn-3826.exe
2788	Unicorn-48299.exe
2788	Unicorn-48299.exe
2684	Unicorn-275.exe
2684	Unicorn-275.exe
680	Unicorn-52046.exe
680	Unicorn-52046.exe
1388	Unicorn-22742.exe
1388	Unicorn-22742.exe
2604	Unicorn-30752.exe
2940	Unicorn-30910.exe
2604	Unicorn-30752.exe
2940	Unicorn-30910.exe
2620	Unicorn-33161.exe
2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe
2620	Unicorn-33161.exe
2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe
1968	Unicorn-2212.exe
1968	Unicorn-2212.exe
1964	Unicorn-50178.exe
1964	Unicorn-50178.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1724	804	WerFault.exe	80

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55892.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55892.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43105.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe
680	Unicorn-52046.exe
2772	Unicorn-52212.exe
2788	Unicorn-48299.exe
3008	Unicorn-44859.exe
2752	Unicorn-3826.exe
2620	Unicorn-33161.exe
2604	Unicorn-30752.exe
1964	Unicorn-50178.exe
2816	Unicorn-14168.exe
2016	Unicorn-17506.exe
1708	Unicorn-2876.exe
1016	Unicorn-30645.exe
1388	Unicorn-22742.exe
2940	Unicorn-30910.exe
2684	Unicorn-275.exe
1968	Unicorn-2212.exe
2976	Unicorn-56436.exe
1776	Unicorn-34200.exe
1620	Unicorn-49559.exe
824	Unicorn-11688.exe
564	Unicorn-43100.exe
2080	Unicorn-39570.exe
2840	Unicorn-12273.exe
1916	Unicorn-34740.exe
888	Unicorn-51195.exe
1484	Unicorn-10982.exe
2732	Unicorn-28470.exe
2780	Unicorn-39406.exe
2292	Unicorn-30848.exe
2432	Unicorn-51460.exe
2796	Unicorn-35591.exe
2096	Unicorn-3281.exe
2228	Unicorn-65139.exe
2208	Unicorn-19757.exe
1552	Unicorn-20385.exe
1768	Unicorn-46949.exe
1656	Unicorn-45466.exe
2100	Unicorn-3857.exe
1852	Unicorn-53079.exe
2848	Unicorn-65331.exe
2156	Unicorn-42481.exe
1912	Unicorn-23723.exe
2152	Unicorn-44527.exe
2160	Unicorn-57334.exe
1172	Unicorn-5009.exe
788	Unicorn-57931.exe
628	Unicorn-45414.exe
1732	Unicorn-24875.exe
1756	Unicorn-3301.exe
2440	Unicorn-16000.exe
804	Unicorn-28767.exe
1696	Unicorn-48118.exe
2500	Unicorn-62408.exe
1492	Unicorn-11169.exe
2808	Unicorn-36058.exe
2284	Unicorn-16192.exe
2444	Unicorn-56478.exe
2648	Unicorn-1147.exe
2844	Unicorn-24003.exe
1836	Unicorn-8045.exe
2192	Unicorn-34256.exe
2956	Unicorn-5668.exe
3064	Unicorn-9005.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 680	2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe	31
PID 2528 wrote to memory of 680	2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe	31
PID 2528 wrote to memory of 680	2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe	31
PID 2528 wrote to memory of 680	2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe	31
PID 680 wrote to memory of 2772	680	Unicorn-52046.exe	32
PID 680 wrote to memory of 2772	680	Unicorn-52046.exe	32
PID 680 wrote to memory of 2772	680	Unicorn-52046.exe	32
PID 680 wrote to memory of 2772	680	Unicorn-52046.exe	32
PID 2528 wrote to memory of 2788	2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe	33
PID 2528 wrote to memory of 2788	2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe	33
PID 2528 wrote to memory of 2788	2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe	33
PID 2528 wrote to memory of 2788	2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe	33
PID 2772 wrote to memory of 3008	2772	Unicorn-52212.exe	34
PID 2772 wrote to memory of 3008	2772	Unicorn-52212.exe	34
PID 2772 wrote to memory of 3008	2772	Unicorn-52212.exe	34
PID 2772 wrote to memory of 3008	2772	Unicorn-52212.exe	34
PID 680 wrote to memory of 2620	680	Unicorn-52046.exe	35
PID 680 wrote to memory of 2620	680	Unicorn-52046.exe	35
PID 680 wrote to memory of 2620	680	Unicorn-52046.exe	35
PID 680 wrote to memory of 2620	680	Unicorn-52046.exe	35
PID 2788 wrote to memory of 2752	2788	Unicorn-48299.exe	36
PID 2788 wrote to memory of 2752	2788	Unicorn-48299.exe	36
PID 2788 wrote to memory of 2752	2788	Unicorn-48299.exe	36
PID 2788 wrote to memory of 2752	2788	Unicorn-48299.exe	36
PID 2528 wrote to memory of 2604	2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe	37
PID 2528 wrote to memory of 2604	2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe	37
PID 2528 wrote to memory of 2604	2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe	37
PID 2528 wrote to memory of 2604	2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe	37
PID 3008 wrote to memory of 1964	3008	Unicorn-44859.exe	38
PID 3008 wrote to memory of 1964	3008	Unicorn-44859.exe	38
PID 3008 wrote to memory of 1964	3008	Unicorn-44859.exe	38
PID 3008 wrote to memory of 1964	3008	Unicorn-44859.exe	38
PID 2772 wrote to memory of 2816	2772	Unicorn-52212.exe	39
PID 2772 wrote to memory of 2816	2772	Unicorn-52212.exe	39
PID 2772 wrote to memory of 2816	2772	Unicorn-52212.exe	39
PID 2772 wrote to memory of 2816	2772	Unicorn-52212.exe	39
PID 2752 wrote to memory of 2016	2752	Unicorn-3826.exe	40
PID 2752 wrote to memory of 2016	2752	Unicorn-3826.exe	40
PID 2752 wrote to memory of 2016	2752	Unicorn-3826.exe	40
PID 2752 wrote to memory of 2016	2752	Unicorn-3826.exe	40
PID 2788 wrote to memory of 1708	2788	Unicorn-48299.exe	41
PID 2788 wrote to memory of 1708	2788	Unicorn-48299.exe	41
PID 2788 wrote to memory of 1708	2788	Unicorn-48299.exe	41
PID 2788 wrote to memory of 1708	2788	Unicorn-48299.exe	41
PID 2604 wrote to memory of 1388	2604	Unicorn-30752.exe	42
PID 2604 wrote to memory of 1388	2604	Unicorn-30752.exe	42
PID 2604 wrote to memory of 1388	2604	Unicorn-30752.exe	42
PID 2604 wrote to memory of 1388	2604	Unicorn-30752.exe	42
PID 2528 wrote to memory of 1016	2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe	43
PID 2528 wrote to memory of 1016	2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe	43
PID 2528 wrote to memory of 1016	2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe	43
PID 2528 wrote to memory of 1016	2528	b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe	43
PID 2620 wrote to memory of 2940	2620	Unicorn-33161.exe	44
PID 2620 wrote to memory of 2940	2620	Unicorn-33161.exe	44
PID 2620 wrote to memory of 2940	2620	Unicorn-33161.exe	44
PID 2620 wrote to memory of 2940	2620	Unicorn-33161.exe	44
PID 680 wrote to memory of 2684	680	Unicorn-52046.exe	45
PID 680 wrote to memory of 2684	680	Unicorn-52046.exe	45
PID 680 wrote to memory of 2684	680	Unicorn-52046.exe	45
PID 680 wrote to memory of 2684	680	Unicorn-52046.exe	45
PID 1964 wrote to memory of 1968	1964	Unicorn-50178.exe	46
PID 1964 wrote to memory of 1968	1964	Unicorn-50178.exe	46
PID 1964 wrote to memory of 1968	1964	Unicorn-50178.exe	46
PID 1964 wrote to memory of 1968	1964	Unicorn-50178.exe	46

C:\Users\Admin\AppData\Local\Temp\b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe
"C:\Users\Admin\AppData\Local\Temp\b1fe98d72d4cb908a1531bfcbf8ae7cc0dad1c3b6fc4f3d6723b7e0257b3bc9bN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52212.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50178.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        9⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34919.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43186.exe
        10⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        9⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        9⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        9⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57519.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
        8⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        8⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5668.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        8⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51808.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
        8⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        8⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        8⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48854.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30118.exe
        7⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe
        7⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        7⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        8⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59455.exe
        8⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40085.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
        7⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30789.exe
        8⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35386.exe
        8⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        8⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5481.exe
        7⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27742.exe
        7⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
        6⤵
        Executes dropped EXE
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
        7⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
        7⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40552.exe
        6⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        6⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24205.exe
        6⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56592.exe
        6⤵
        
        PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34256.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        7⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        7⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        6⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30118.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        6⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        6⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
        7⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe
        7⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60993.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51654.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49939.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        6⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
        5⤵
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
        6⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59083.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23469.exe
        5⤵
        
        PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34200.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53079.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        8⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37918.exe
        8⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-253.exe
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        8⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52057.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44470.exe
        7⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
        6⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56202.exe
        6⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        6⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50790.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27934.exe
        6⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45466.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12098.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
        7⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        6⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52446.exe
        6⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
        5⤵
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        5⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1438.exe
        5⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54483.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        5⤵
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65139.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
        6⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        7⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36301.exe
        7⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
        6⤵
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51654.exe
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63487.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26569.exe
        6⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18580.exe
        6⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19198.exe
        6⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        6⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44470.exe
        6⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57992.exe
        5⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        6⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        6⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44037.exe
        6⤵
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7264.exe
        5⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        5⤵
        
        PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38492.exe
        5⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5212.exe
        6⤵
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        6⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        6⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        5⤵
        
        PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        5⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35927.exe
        5⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        5⤵
        
        PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
      4⤵
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
        5⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
        5⤵
        
        PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
      4⤵
      PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49384.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
      4⤵
      PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46156.exe
      4⤵
      PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
      4⤵
      PID:6148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11169.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49670.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31963.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        7⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        6⤵
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        6⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3056.exe
        6⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        6⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
        6⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        6⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        6⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        6⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        5⤵
        
        PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64885.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
        5⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        5⤵
        
        PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        6⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        6⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47412.exe
        6⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        6⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
        5⤵
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
        5⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24205.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56592.exe
        5⤵
        
        PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
        5⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47412.exe
        5⤵
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        5⤵
        
        PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18932.exe
      4⤵
      PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
      4⤵
      PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
      4⤵
      PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
      4⤵
      PID:5276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-275.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44527.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        6⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57519.exe
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        7⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        6⤵
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        6⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3056.exe
        6⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        6⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        5⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51654.exe
        6⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        6⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        6⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34686.exe
        5⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5871.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        5⤵
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7140.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        5⤵
        
        PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        5⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47828.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57888.exe
        6⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47270.exe
        6⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22201.exe
        5⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        5⤵
        
        PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
      4⤵
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53754.exe
        5⤵
        
        PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        5⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        5⤵
        
        PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44636.exe
      4⤵
      PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
      4⤵
      PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
      4⤵
      PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64128.exe
      4⤵
      PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
      4⤵
      PID:5400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51195.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65383.exe
        5⤵
        
        PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        5⤵
        
        PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
        5⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21961.exe
        5⤵
        
        PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23644.exe
      4⤵
      PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64885.exe
      4⤵
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
      4⤵
      PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3785.exe
      4⤵
      PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
      4⤵
      PID:6252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
      4⤵
      PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
        5⤵
        
        PID:604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
        5⤵
        
        PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
      4⤵
      PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
      4⤵
      PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
      4⤵
      PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44470.exe
      4⤵
      PID:5248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
    3⤵
    PID:1432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
    3⤵
    PID:4044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe
    3⤵
    PID:4940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30310.exe
    3⤵
    PID:5420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        7⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62389.exe
        8⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        8⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
        8⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
        7⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        7⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        6⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61922.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31963.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        7⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        7⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        6⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
        6⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        6⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        6⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62581.exe
        7⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
        7⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20088.exe
        7⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        7⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58668.exe
        6⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
        6⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        6⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        6⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        6⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
        6⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28257.exe
        6⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        6⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38358.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        5⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe
        5⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe
        5⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
        5⤵
        
        PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39570.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        6⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
        7⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        7⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        7⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
        7⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        7⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
        6⤵
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51654.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        6⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        6⤵
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        5⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        6⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        6⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
        6⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
        6⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        5⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1438.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22002.exe
        5⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        5⤵
        
        PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        5⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        6⤵
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51808.exe
        6⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
        6⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        6⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        6⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57519.exe
        5⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        5⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        5⤵
        
        PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
      4⤵
      PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
        5⤵
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        5⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
        5⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        5⤵
        
        PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58311.exe
      4⤵
      PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50292.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
      4⤵
      PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43707.exe
      4⤵
      PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
      4⤵
      PID:6164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2876.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
        5⤵
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        6⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
        6⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7836.exe
        6⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        6⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        5⤵
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
        5⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        5⤵
        
        PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        5⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59455.exe
        5⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44470.exe
        5⤵
        
        PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
      4⤵
      PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1438.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40916.exe
      4⤵
      PID:5480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24875.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57519.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        5⤵
        
        PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        5⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        5⤵
        
        PID:6348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
      4⤵
      PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
      4⤵
      PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
      4⤵
      PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
      4⤵
      PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45414.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
      4⤵
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48954.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        5⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36799.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20152.exe
      4⤵
      PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51654.exe
      4⤵
      PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63487.exe
      4⤵
      PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe
      4⤵
      PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
      4⤵
      PID:6172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24517.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
      4⤵
      PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
      4⤵
      PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
      4⤵
      PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
      4⤵
      PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
      4⤵
      PID:6632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44707.exe
    3⤵
    PID:2332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1820.exe
    3⤵
    PID:3836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3157.exe
    3⤵
    PID:5788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
    3⤵
    PID:6156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30752.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30752.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 200
        6⤵
        Program crash
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34547.exe
        5⤵
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
        5⤵
        
        PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        5⤵
        
        PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16000.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        5⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
        6⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51808.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
        6⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
        6⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
        6⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe
        5⤵
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        5⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
        5⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
        5⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59613.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
      4⤵
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25384.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56040.exe
        5⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8281.exe
        5⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40691.exe
        5⤵
        
        PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
      4⤵
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
      4⤵
      PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
      4⤵
      PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
      4⤵
      PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
      4⤵
      PID:6272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36058.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        5⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
        6⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39035.exe
        6⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
        6⤵
        
        PID:264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49301.exe
        5⤵
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
        5⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        5⤵
        
        PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
      4⤵
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        5⤵
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
        5⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        5⤵
        
        PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48283.exe
      4⤵
      PID:352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
      4⤵
      PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
      4⤵
      PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
      4⤵
      PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
      4⤵
      PID:6396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
      4⤵
      PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
      4⤵
      PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
      4⤵
      PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
      4⤵
      PID:6560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36961.exe
    3⤵
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12377.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
      4⤵
      PID:6064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56220.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7264.exe
    3⤵
    PID:4216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
    3⤵
    PID:5816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
      4⤵
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
      4⤵
      PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
      4⤵
      PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44470.exe
      4⤵
      PID:1348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
    3⤵
    PID:1080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
    3⤵
    PID:3744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
    3⤵
    PID:4888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51875.exe
    3⤵
    PID:5136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
    3⤵
    PID:5256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
      4⤵
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24050.exe
        5⤵
        
        PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        5⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        5⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        5⤵
        
        PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
      4⤵
      PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
      4⤵
      PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
      4⤵
      PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
      4⤵
      PID:5884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
      4⤵
      PID:6492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60656.exe
      4⤵
      PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31826.exe
      4⤵
      PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47270.exe
      4⤵
      PID:5192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57519.exe
    3⤵
    PID:3624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
    3⤵
    PID:5068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
    3⤵
    PID:5624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
    3⤵
    PID:6380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
    3⤵
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
      4⤵
      PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22201.exe
      4⤵
      PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
      4⤵
      PID:5668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25035.exe
    3⤵
    PID:2456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
    3⤵
    PID:3220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
    3⤵
    PID:4536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
    3⤵
    PID:6104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
    3⤵
    PID:6484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34861.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34861.exe
  2⤵
  PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28477.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
    3⤵
    PID:4992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe
    3⤵
    PID:7076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
  2⤵
  PID:3668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
  2⤵
  PID:3848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
  2⤵
  PID:4396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34873.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34873.exe
  2⤵
  PID:5996
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe
  2⤵
  PID:5144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe

Filesize
468KB

MD5
d1440ad4b5685add896931ae2e0fea7c

SHA1
17e4e2194cc37a9c06596df170fe62434ce440d7

SHA256
bb93989bf6f2ce20b0ba87da355e1f55850e65b87eedd41c4271a84ca86f7342

SHA512
6afa668553f7e18d2609ebce36fe9abeea36f8396f4fa459a05e527548745115b0382b8151126284fb39c1eebfb63a2b9f9c981c4e9dd00c5df137654cac1e69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-275.exe

Filesize
468KB

MD5
074bba1191a1dfcfd3f394d5165785d3

SHA1
8d63a8916c07beaf7cd65fcee0aa6324821af053

SHA256
d68fa47ad83bd9b916b6d96dd799405558db4280eff47fea70e0319c14b21074

SHA512
7cd6a786f2457ce4c175b53a6beb825c97caea69119a9cd1ec007beaa35e3f13bcdb98e365081af2cb39f0be715e079b3b577c65bf0bb62b07a11cd161f4266a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2876.exe

Filesize
468KB

MD5
6683f4db423da718cdd5a5cb034bb438

SHA1
c0f03406b5ecbb5ae820b79e6e1632f7c266ba50

SHA256
6c367ba1502420c47f334f599bc0c56a26eef85a98be754b56acefa23e039eee

SHA512
71b030a3cbdafcdf652043174125a954baa652b8216707ccf383fa3a1c28e6eec32b16b424feea322d5b46cadbeda5a1361bef1e1ba259ee069a05cb7f755bf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30752.exe

Filesize
468KB

MD5
b4d9bfc07c3f7cd4bd8e94bf270e7a93

SHA1
a2465d1091fda9a5b71f725222a9a2846b343576

SHA256
511913c7cbddd2fb14d533cb21559c7f92b3d11c3f96e5bd3f04321d8b1b6b09

SHA512
d73a6e023f46eec9964f81d1f1aec1fb36f9816257fa6e3b55622bd48183c362097251d8edb18a9a569dae236fe9cbd894f8009b3a7ea3ef9ac1d38f4bf023dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe

Filesize
468KB

MD5
f064eaef803af029dc318cbf610fd695

SHA1
3357e10c4a153c8aed7fc6de747a86dbafc02458

SHA256
edd167f1185d3c4ef35f98adc47403f3d1673dc0fca4b1bdc54de4ebd02d2f43

SHA512
9b98e5a7553432ccc524db07178a49d6ee5a88a620714501d8cdc5dfa194e4ae5919d6d369dbc073e4cce26b6f254a6cd5a80572dd83a3ee0f2512ce48814f92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe

Filesize
468KB

MD5
6ca01e98b9d52ce2168d1f460fa41424

SHA1
dd27b4d45b2c355fe7f8a4b6833669a644690384

SHA256
32dca5a1d65150b037e91dcd241725121d888930ca4861a0e221f970bd93271f

SHA512
921c699952bd6cae650c094945c5113bbcc03582171ccf1eecbbcdc97cc4c81040992c321bfe2e34b9b926ca157bfd4e0badd24e199bee2fe16e8d96cfc21544

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe

Filesize
468KB

MD5
abc552de1188b48aa9f88bdeda20f522

SHA1
51cbcc03932f87747f6db56d7433505730e1b296

SHA256
5161076c100bf24eab30198e2787972e4d134642055ef2ab1f0839e3da85beb1

SHA512
92362841db63cf944ce01ec302df61f8e0b3fb7c907e8a9635d51dff8851729aca96ce9665f16e43f3685af379b1a2453a6b7739017d98a3628f9e83c4cc04de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52212.exe

Filesize
468KB

MD5
6f717a68f2d6c73f928c1427eacc405d

SHA1
9abecb184e371a4abbd2cf160b944d90730b6e34

SHA256
4d074b9818363c08d6101b14d6422affcd751c60063e370988ed91f6a9064ec6

SHA512
4436cdf9fced82d03605c7face244b5b49acf796c79d85e7def8c59603df8802aa1c62ce41dcf3fd5b4093b44c214d224f28d49e6036b8bfe623cc39f5ba88ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe

Filesize
468KB

MD5
3a97cf3273e818196447c0e1527d0db5

SHA1
afc853c6f3241be1edc89a6397840766374a088c

SHA256
7535e1cb120a1283d312fdd104938780107b3a86a432a3eae71a05987e0e85e7

SHA512
74544261a54c7884138f51187c735120d62c47d90503448384c9e7207c7d8582847619eff18cedf297c45e5731bf3e97015a403fceab36a2bdec133eac936963

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe

Filesize
468KB

MD5
b0ef66eebe2340e336b26fef56493347

SHA1
8da91890fc486044a9c05dabe7b9c3ca3c954333

SHA256
a8f30c3cf9ecab40d570bb9f063489616ad9275c3cc326ff5b5c2d7f955972c4

SHA512
2dde1d822916f482456b51bb5aec976987db80843a5eaa3284f6c725430b5646f5141f14888061212747b3e0fff3e7dff04116796d19b56f6bb9ef3a33ae9c3a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe

Filesize
468KB

MD5
9bd2682eacd21f7ac53eb1a4f2eac3e4

SHA1
1105bf1c6a88559e716266642eda07cf4f6fe518

SHA256
d402429d703e093bb7f8cbf6c015cbcd527f98f8e004ce5951004f9455928970

SHA512
639679ca1833b8da7a619327378a60e22f589053538359b79627c2e3ec0ca4eaa6637cdb6e8d769b4fc83080d66179def64421bbc5803238028eaa59aeee3728

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe

Filesize
468KB

MD5
dc689b8fa74c9e752a15ad796a4b8872

SHA1
518e8186c94fa34e32d72ce79048d764a1deef00

SHA256
8c281a7a235387ae5b4a7707b6ef8eb0dbcb821eeed3d2514a25a5d671855b3e

SHA512
eeb1344e6f87e86c1fadfa2c5931c3cf4714b74c3c90ff01ae2fb1a770b4fb544a23799e9751f885e3564dbe049963453ee6f8b6b8e4343edf0d9d9ff409d841

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34200.exe

Filesize
468KB

MD5
c8d1687fd439d98ac1e759d9cb132064

SHA1
1a85fe979ac6a5b3bf59efc8964b80955919640a

SHA256
016b46a94009db2e93c54848b658265ddad34a26eef2d6f493a9a3f8a2cfc7d9

SHA512
f964490e24ff04ce8f5916817c78f7eb860e12db14865fa8fc7ea69f9a085ffcfcc1e618846b5c7b777b3ff8bd75956f5f0a12ed1ed1aa9b0b7b445e2e0e691e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe

Filesize
468KB

MD5
9d8c366b061666e354dae566a75277ff

SHA1
c4fcd3bf31cd4c7131988cb217b557103cf080a6

SHA256
533268f6b2b059176f94681567e17a6f8096861bad4e3581a512aeded4ae18c0

SHA512
681dd01a20e5c6fdd4af349fc33ecfeff1ce04fd4b5ee3e542e2b9e29f1013ec7b6d4cdc1d5326d915a9f4f7b7480123be53e65449b8a2d0034c3557af1b614b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe

Filesize
468KB

MD5
def2c98d9cdef437ce015ad611fa3b76

SHA1
e06c89600a3cb53afc9d10e16317b51d3e615866

SHA256
c904237f9e79ee6fa2f318d5eb5bafcd0e50bd02b94977bc0fc1a610ba79341c

SHA512
bb13fda944bc0474d58337c66989c3e555ef1a81bbb35a0a3731ead5e5c2d5bd8c6564e537808e2f1022a92617807c1384675451390a6402c47b0c89a509a31c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe

Filesize
468KB

MD5
37cc64a02e200a1d5b43284b25b26795

SHA1
866d88d8fc7ea8f5d3966d9dea44c7d2fb7fab5d

SHA256
f4d7d6657d5f19b2e3463d5c6e309e38b2c9a329b44f8bf0ef48e9d6ce90a6d0

SHA512
fdc04729add856e54f9244f89a5b5d20e753998601981f42290cc11a5084f8d52c1eb980c9eabfa426d128d539c48f9fee85b81be9d5021122e7ea9c87626192

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe

Filesize
468KB

MD5
82641d63c9480d614ee0a310e02e8465

SHA1
9cfce6df6367f24908beb7f8b0f7aa8b648c4bd3

SHA256
ec75f9859d285ed76bd9d8dc655d95936d045af68e60977345826ef737469fa1

SHA512
f76d2986449d5fc34548491de35a91da301ab4a93e5e2f67c616a8a2167399c8d8a75df3062ffe251427e05ed414bbd82e20fb8fef158a62008a51e439760fc9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50178.exe

Filesize
468KB

MD5
5ed14e282a808082fb6cafbfed84dd05

SHA1
98c5d5f6badaac4eb344bb4783b2a4d6398c474d

SHA256
bf190556133ebc379ab33b09eeacd55ec202fdc2c7c0ece86e3cc382cce627fc

SHA512
1a2f0ed5ad25c3685089fc663eb62c500ca6f5dece1ac5efd8bb4789a1a21f9748539eff0b842cb4979cef3a2f3bf7de0e50cf8b8da3d14d30bb8f6a826b43c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe

Filesize
468KB

MD5
520415bb5791469a1f196b71426c2a40

SHA1
7cc2932c5b7a441d21537fb35f0f20121b8478b0

SHA256
11fab741597a159d61364031cf512f3c7c4c53e2ee55c187c4b3ea79ba0206e0

SHA512
e5104a9aeb9143154f6110168e44ed9db22afe9289befe84a4e977a20b6d80847ca0511aaefe85363c01a50c2a9641830295fd4630ec10e5380968e94e8efe4f

Download Submit
memory/564-254-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/680-26-0x0000000001D20000-0x0000000001D95000-memory.dmp

Filesize
468KB

Download
memory/680-293-0x0000000001D20000-0x0000000001D95000-memory.dmp

Filesize
468KB

Download
memory/680-292-0x0000000001D20000-0x0000000001D95000-memory.dmp

Filesize
468KB

Download
memory/680-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/680-180-0x0000000001D20000-0x0000000001D95000-memory.dmp

Filesize
468KB

Download
memory/680-382-0x0000000001D20000-0x0000000001D95000-memory.dmp

Filesize
468KB

Download
memory/680-20-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/680-12-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/680-179-0x0000000001D20000-0x0000000001D95000-memory.dmp

Filesize
468KB

Download
memory/824-397-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/824-416-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/888-299-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1016-166-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1388-298-0x0000000002910000-0x0000000002985000-memory.dmp

Filesize
468KB

Download
memory/1388-163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1388-300-0x0000000002910000-0x0000000002985000-memory.dmp

Filesize
468KB

Download
memory/1484-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1620-374-0x0000000002860000-0x00000000028D5000-memory.dmp

Filesize
468KB

Download
memory/1620-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1656-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1708-253-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1708-151-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1708-251-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1768-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1776-394-0x0000000002870000-0x00000000028E5000-memory.dmp

Filesize
468KB

Download
memory/1776-408-0x0000000002870000-0x00000000028E5000-memory.dmp

Filesize
468KB

Download
memory/1776-223-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1852-411-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1916-282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1964-192-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1964-198-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1964-362-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1964-361-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2016-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2080-265-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2096-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2208-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2228-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2292-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2432-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2528-330-0x0000000002450000-0x00000000024C5000-memory.dmp

Filesize
468KB

Download
memory/2528-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2528-38-0x0000000002450000-0x00000000024C5000-memory.dmp

Filesize
468KB

Download
memory/2528-82-0x0000000002450000-0x00000000024C5000-memory.dmp

Filesize
468KB

Download
memory/2528-383-0x0000000002450000-0x00000000024C5000-memory.dmp

Filesize
468KB

Download
memory/2528-167-0x0000000002450000-0x00000000024C5000-memory.dmp

Filesize
468KB

Download
memory/2528-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2528-13-0x0000000002450000-0x00000000024C5000-memory.dmp

Filesize
468KB

Download
memory/2528-333-0x0000000002450000-0x00000000024C5000-memory.dmp

Filesize
468KB

Download
memory/2528-164-0x0000000002450000-0x00000000024C5000-memory.dmp

Filesize
468KB

Download
memory/2528-11-0x0000000002450000-0x00000000024C5000-memory.dmp

Filesize
468KB

Download
memory/2604-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2604-161-0x0000000001D90000-0x0000000001E05000-memory.dmp

Filesize
468KB

Download
memory/2604-162-0x0000000001D90000-0x0000000001E05000-memory.dmp

Filesize
468KB

Download
memory/2604-317-0x0000000001D90000-0x0000000001E05000-memory.dmp

Filesize
468KB

Download
memory/2604-307-0x0000000001D90000-0x0000000001E05000-memory.dmp

Filesize
468KB

Download
memory/2620-165-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2620-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2620-322-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2620-61-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2684-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2684-277-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2684-281-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2732-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2752-263-0x00000000021E0000-0x0000000002255000-memory.dmp

Filesize
468KB

Download
memory/2752-72-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2752-257-0x00000000021E0000-0x0000000002255000-memory.dmp

Filesize
468KB

Download
memory/2772-385-0x0000000002370000-0x00000000023E5000-memory.dmp

Filesize
468KB

Download
memory/2772-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2772-236-0x0000000002370000-0x00000000023E5000-memory.dmp

Filesize
468KB

Download
memory/2772-231-0x0000000002370000-0x00000000023E5000-memory.dmp

Filesize
468KB

Download
memory/2772-45-0x0000000002370000-0x00000000023E5000-memory.dmp

Filesize
468KB

Download
memory/2772-108-0x0000000002370000-0x00000000023E5000-memory.dmp

Filesize
468KB

Download
memory/2772-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2780-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2788-426-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2788-150-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2788-271-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2788-425-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2788-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2788-272-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2788-66-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2796-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2816-409-0x00000000028E0000-0x0000000002955000-memory.dmp

Filesize
468KB

Download
memory/2816-221-0x00000000028E0000-0x0000000002955000-memory.dmp

Filesize
468KB

Download
memory/2816-220-0x00000000028E0000-0x0000000002955000-memory.dmp

Filesize
468KB

Download
memory/2840-273-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2848-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2940-308-0x0000000000660000-0x00000000006D5000-memory.dmp

Filesize
468KB

Download
memory/2940-169-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2940-318-0x0000000000660000-0x00000000006D5000-memory.dmp

Filesize
468KB

Download
memory/3008-410-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3008-97-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/3008-211-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/3008-203-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download