77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c

Analysis

max time kernel
148s
max time network
122s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 00:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe
Size

468KB
MD5

edc7f3afa6332070261c49cb77abb33c
SHA1

58ef36660bb53d20ed5b565e8e46ccdc23aa0665
SHA256

77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c
SHA512

e4113f483ff6e36e2821d5266bdeca5e201ca25fb8cd479511480261100987aa82b5847083caca97e47fdaad72d5aba9e978e875f54768457b5dfc8626e70104
SSDEEP

3072:AGA1ogYnG05ptbYnPz47f8/ECxvPgpXcmHe6Vs/8YXTtMoukQlB:AGCoo8ptkPE7fWcmn8YD2ouk

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2784	Unicorn-59132.exe
2732	Unicorn-30646.exe
2796	Unicorn-10325.exe
2608	Unicorn-24552.exe
3064	Unicorn-44820.exe
2604	Unicorn-63119.exe
2924	Unicorn-11759.exe
2764	Unicorn-13030.exe
2188	Unicorn-46816.exe
2148	Unicorn-51160.exe
1488	Unicorn-23650.exe
2840	Unicorn-43516.exe
2780	Unicorn-43516.exe
2368	Unicorn-32338.exe
2516	Unicorn-26472.exe
2140	Unicorn-1844.exe
2096	Unicorn-64537.exe
1900	Unicorn-3868.exe
2208	Unicorn-55631.exe
860	Unicorn-6053.exe
828	Unicorn-25749.exe
1056	Unicorn-43918.exe
712	Unicorn-171.exe
2432	Unicorn-50415.exe
340	Unicorn-28319.exe
1992	Unicorn-37250.exe
2308	Unicorn-47129.exe
908	Unicorn-52994.exe
2460	Unicorn-31277.exe
2476	Unicorn-24177.exe
2156	Unicorn-11135.exe
2424	Unicorn-61850.exe
1756	Unicorn-29557.exe
2472	Unicorn-30181.exe
1708	Unicorn-45925.exe
2744	Unicorn-33253.exe
2676	Unicorn-31581.exe
2768	Unicorn-7539.exe
2116	Unicorn-20180.exe
2584	Unicorn-47882.exe
1420	Unicorn-36132.exe
2056	Unicorn-57716.exe
2532	Unicorn-27129.exe
1104	Unicorn-36345.exe
1520	Unicorn-40690.exe
1764	Unicorn-60160.exe
584	Unicorn-47099.exe
2396	Unicorn-11520.exe
2376	Unicorn-16913.exe
444	Unicorn-5726.exe
1908	Unicorn-6873.exe
696	Unicorn-6873.exe
1660	Unicorn-54264.exe
2016	Unicorn-729.exe
1888	Unicorn-464.exe
1976	Unicorn-40800.exe
2104	Unicorn-40256.exe
3028	Unicorn-60122.exe
1700	Unicorn-54397.exe
948	Unicorn-57403.exe
2912	Unicorn-11731.exe
1916	Unicorn-59863.exe
3008	Unicorn-5587.exe
1644	Unicorn-2162.exe

Loads dropped DLL 64 IoCs

pid	Process
2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe
2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe
2784	Unicorn-59132.exe
2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe
2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe
2784	Unicorn-59132.exe
2732	Unicorn-30646.exe
2732	Unicorn-30646.exe
2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe
2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe
2796	Unicorn-10325.exe
2796	Unicorn-10325.exe
2784	Unicorn-59132.exe
2784	Unicorn-59132.exe
2608	Unicorn-24552.exe
2608	Unicorn-24552.exe
2732	Unicorn-30646.exe
2732	Unicorn-30646.exe
2604	Unicorn-63119.exe
2604	Unicorn-63119.exe
2796	Unicorn-10325.exe
2924	Unicorn-11759.exe
2796	Unicorn-10325.exe
3064	Unicorn-44820.exe
3064	Unicorn-44820.exe
2924	Unicorn-11759.exe
2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe
2784	Unicorn-59132.exe
2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe
2784	Unicorn-59132.exe
2764	Unicorn-13030.exe
2764	Unicorn-13030.exe
2608	Unicorn-24552.exe
2608	Unicorn-24552.exe
2188	Unicorn-46816.exe
2188	Unicorn-46816.exe
2732	Unicorn-30646.exe
2732	Unicorn-30646.exe
2148	Unicorn-51160.exe
2148	Unicorn-51160.exe
2604	Unicorn-63119.exe
2604	Unicorn-63119.exe
2780	Unicorn-43516.exe
2780	Unicorn-43516.exe
2368	Unicorn-32338.exe
2368	Unicorn-32338.exe
2924	Unicorn-11759.exe
2924	Unicorn-11759.exe
2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe
2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe
2516	Unicorn-26472.exe
2516	Unicorn-26472.exe
2796	Unicorn-10325.exe
2796	Unicorn-10325.exe
2784	Unicorn-59132.exe
2784	Unicorn-59132.exe
2840	Unicorn-43516.exe
2840	Unicorn-43516.exe
3064	Unicorn-44820.exe
3064	Unicorn-44820.exe
2096	Unicorn-64537.exe
2096	Unicorn-64537.exe
2608	Unicorn-24552.exe
2608	Unicorn-24552.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3848	1976	WerFault.exe	85

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36029.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8905.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19135.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe
2784	Unicorn-59132.exe
2732	Unicorn-30646.exe
2796	Unicorn-10325.exe
2608	Unicorn-24552.exe
2604	Unicorn-63119.exe
3064	Unicorn-44820.exe
2924	Unicorn-11759.exe
2764	Unicorn-13030.exe
2188	Unicorn-46816.exe
2148	Unicorn-51160.exe
2780	Unicorn-43516.exe
2368	Unicorn-32338.exe
1488	Unicorn-23650.exe
2840	Unicorn-43516.exe
2516	Unicorn-26472.exe
2096	Unicorn-64537.exe
2140	Unicorn-1844.exe
2208	Unicorn-55631.exe
1900	Unicorn-3868.exe
860	Unicorn-6053.exe
828	Unicorn-25749.exe
1056	Unicorn-43918.exe
712	Unicorn-171.exe
2432	Unicorn-50415.exe
340	Unicorn-28319.exe
1992	Unicorn-37250.exe
2308	Unicorn-47129.exe
908	Unicorn-52994.exe
2476	Unicorn-24177.exe
2460	Unicorn-31277.exe
2156	Unicorn-11135.exe
2424	Unicorn-61850.exe
1756	Unicorn-29557.exe
2744	Unicorn-33253.exe
1708	Unicorn-45925.exe
2676	Unicorn-31581.exe
2768	Unicorn-7539.exe
2116	Unicorn-20180.exe
1420	Unicorn-36132.exe
2584	Unicorn-47882.exe
2056	Unicorn-57716.exe
2532	Unicorn-27129.exe
1520	Unicorn-40690.exe
1104	Unicorn-36345.exe
1764	Unicorn-60160.exe
2396	Unicorn-11520.exe
584	Unicorn-47099.exe
2376	Unicorn-16913.exe
444	Unicorn-5726.exe
696	Unicorn-6873.exe
1908	Unicorn-6873.exe
1660	Unicorn-54264.exe
2016	Unicorn-729.exe
1888	Unicorn-464.exe
1976	Unicorn-40800.exe
2104	Unicorn-40256.exe
3028	Unicorn-60122.exe
1700	Unicorn-54397.exe
948	Unicorn-57403.exe
2912	Unicorn-11731.exe
1916	Unicorn-59863.exe
3008	Unicorn-5587.exe
1644	Unicorn-2162.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2784	2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe	30
PID 2656 wrote to memory of 2784	2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe	30
PID 2656 wrote to memory of 2784	2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe	30
PID 2656 wrote to memory of 2784	2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe	30
PID 2656 wrote to memory of 2732	2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe	32
PID 2656 wrote to memory of 2732	2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe	32
PID 2656 wrote to memory of 2732	2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe	32
PID 2656 wrote to memory of 2732	2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe	32
PID 2784 wrote to memory of 2796	2784	Unicorn-59132.exe	31
PID 2784 wrote to memory of 2796	2784	Unicorn-59132.exe	31
PID 2784 wrote to memory of 2796	2784	Unicorn-59132.exe	31
PID 2784 wrote to memory of 2796	2784	Unicorn-59132.exe	31
PID 2732 wrote to memory of 2608	2732	Unicorn-30646.exe	33
PID 2732 wrote to memory of 2608	2732	Unicorn-30646.exe	33
PID 2732 wrote to memory of 2608	2732	Unicorn-30646.exe	33
PID 2732 wrote to memory of 2608	2732	Unicorn-30646.exe	33
PID 2656 wrote to memory of 3064	2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe	34
PID 2656 wrote to memory of 3064	2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe	34
PID 2656 wrote to memory of 3064	2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe	34
PID 2656 wrote to memory of 3064	2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe	34
PID 2796 wrote to memory of 2604	2796	Unicorn-10325.exe	35
PID 2796 wrote to memory of 2604	2796	Unicorn-10325.exe	35
PID 2796 wrote to memory of 2604	2796	Unicorn-10325.exe	35
PID 2796 wrote to memory of 2604	2796	Unicorn-10325.exe	35
PID 2784 wrote to memory of 2924	2784	Unicorn-59132.exe	36
PID 2784 wrote to memory of 2924	2784	Unicorn-59132.exe	36
PID 2784 wrote to memory of 2924	2784	Unicorn-59132.exe	36
PID 2784 wrote to memory of 2924	2784	Unicorn-59132.exe	36
PID 2608 wrote to memory of 2764	2608	Unicorn-24552.exe	37
PID 2608 wrote to memory of 2764	2608	Unicorn-24552.exe	37
PID 2608 wrote to memory of 2764	2608	Unicorn-24552.exe	37
PID 2608 wrote to memory of 2764	2608	Unicorn-24552.exe	37
PID 2732 wrote to memory of 2188	2732	Unicorn-30646.exe	38
PID 2732 wrote to memory of 2188	2732	Unicorn-30646.exe	38
PID 2732 wrote to memory of 2188	2732	Unicorn-30646.exe	38
PID 2732 wrote to memory of 2188	2732	Unicorn-30646.exe	38
PID 2604 wrote to memory of 2148	2604	Unicorn-63119.exe	39
PID 2604 wrote to memory of 2148	2604	Unicorn-63119.exe	39
PID 2604 wrote to memory of 2148	2604	Unicorn-63119.exe	39
PID 2604 wrote to memory of 2148	2604	Unicorn-63119.exe	39
PID 2796 wrote to memory of 1488	2796	Unicorn-10325.exe	40
PID 2796 wrote to memory of 1488	2796	Unicorn-10325.exe	40
PID 2796 wrote to memory of 1488	2796	Unicorn-10325.exe	40
PID 2796 wrote to memory of 1488	2796	Unicorn-10325.exe	40
PID 3064 wrote to memory of 2840	3064	Unicorn-44820.exe	42
PID 3064 wrote to memory of 2840	3064	Unicorn-44820.exe	42
PID 3064 wrote to memory of 2840	3064	Unicorn-44820.exe	42
PID 3064 wrote to memory of 2840	3064	Unicorn-44820.exe	42
PID 2924 wrote to memory of 2780	2924	Unicorn-11759.exe	41
PID 2924 wrote to memory of 2780	2924	Unicorn-11759.exe	41
PID 2924 wrote to memory of 2780	2924	Unicorn-11759.exe	41
PID 2924 wrote to memory of 2780	2924	Unicorn-11759.exe	41
PID 2656 wrote to memory of 2368	2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe	43
PID 2656 wrote to memory of 2368	2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe	43
PID 2656 wrote to memory of 2368	2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe	43
PID 2656 wrote to memory of 2368	2656	77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe	43
PID 2784 wrote to memory of 2516	2784	Unicorn-59132.exe	44
PID 2784 wrote to memory of 2516	2784	Unicorn-59132.exe	44
PID 2784 wrote to memory of 2516	2784	Unicorn-59132.exe	44
PID 2784 wrote to memory of 2516	2784	Unicorn-59132.exe	44
PID 2764 wrote to memory of 2140	2764	Unicorn-13030.exe	45
PID 2764 wrote to memory of 2140	2764	Unicorn-13030.exe	45
PID 2764 wrote to memory of 2140	2764	Unicorn-13030.exe	45
PID 2764 wrote to memory of 2140	2764	Unicorn-13030.exe	45

C:\Users\Admin\AppData\Local\Temp\77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe
"C:\Users\Admin\AppData\Local\Temp\77c96ad3bc0ec8304c48b24cdfce55e9fc778acc1176adfc72b64e50a9b5ac7c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10325.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44849.exe
        8⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        9⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        8⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        8⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
        8⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9623.exe
        7⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9872.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37037.exe
        8⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        8⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        8⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        8⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        8⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        7⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe
        7⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        7⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        7⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        7⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        7⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        7⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        7⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39826.exe
        6⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37173.exe
        7⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17283.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        7⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24008.exe
        6⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe
        6⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
        6⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
        6⤵
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12640.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
        8⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9842.exe
        7⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-835.exe
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
        7⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1837.exe
        6⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        6⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24008.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe
        6⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        6⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        6⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5785.exe
        6⤵
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52049.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50909.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34349.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
        5⤵
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62984.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        5⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        5⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21619.exe
        5⤵
        
        PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36345.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        6⤵
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48644.exe
        6⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        6⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        6⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40476.exe
        6⤵
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33956.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
        5⤵
        
        PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        5⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
        5⤵
        
        PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
        6⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        6⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        6⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
        6⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43813.exe
        5⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        5⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        5⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
        5⤵
        
        PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        5⤵
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        6⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        5⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60067.exe
        5⤵
        
        PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12772.exe
      4⤵
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51837.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        5⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
        5⤵
        
        PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
      4⤵
      PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
      4⤵
      PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
      4⤵
      PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9481.exe
      4⤵
      PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
      4⤵
      PID:6768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11759.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43516.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        7⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        7⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        6⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36294.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        7⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        6⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        6⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40476.exe
        6⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27129.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26432.exe
        6⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
        7⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        7⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        7⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        6⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57806.exe
        6⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
        6⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-878.exe
        6⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8760.exe
        5⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        5⤵
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39430.exe
        6⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51444.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
        6⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
        6⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
        6⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51306.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
        5⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
        5⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
        5⤵
        
        PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        6⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13073.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1553.exe
        7⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        7⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52049.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
        6⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        6⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        6⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        6⤵
        
        PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        5⤵
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
        6⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11124.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
        5⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        5⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        5⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        5⤵
        
        PID:1360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        5⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        5⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        5⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        5⤵
        
        PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
      4⤵
      PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62984.exe
      4⤵
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33213.exe
      4⤵
      PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
      4⤵
      PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47671.exe
      4⤵
      PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53336.exe
      4⤵
      PID:5968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26472.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11520.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        6⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        6⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        6⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
        6⤵
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        5⤵
        
        PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        5⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37365.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
        5⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
        5⤵
        
        PID:6876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
        5⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        5⤵
        
        PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        5⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54988.exe
        5⤵
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17919.exe
        5⤵
        
        PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
      4⤵
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        5⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
        5⤵
        
        PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
      4⤵
      PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7473.exe
      4⤵
      PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64820.exe
      4⤵
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58475.exe
      4⤵
      PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
      4⤵
      PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22384.exe
      4⤵
      PID:6184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31532.exe
      4⤵
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe
        5⤵
        
        PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
      4⤵
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43735.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
      4⤵
      PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15706.exe
      4⤵
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
      4⤵
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
      4⤵
      PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40476.exe
      4⤵
      PID:6688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
      4⤵
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
      4⤵
      PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
      4⤵
      PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
      4⤵
      PID:7020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27894.exe
    3⤵
    PID:636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
    3⤵
    PID:3980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
    3⤵
    PID:4532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
    3⤵
    PID:4572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26118.exe
    3⤵
    PID:5372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13030.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1844.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
        7⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3129.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        7⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        7⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
        6⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
        6⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
        6⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-878.exe
        6⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29557.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1117.exe
        6⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
        7⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        6⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30278.exe
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60986.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        7⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        6⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        6⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        6⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45050.exe
        6⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        6⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        5⤵
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        5⤵
        
        PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8324.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
        5⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
        5⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
        5⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        5⤵
        
        PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        7⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3004.exe
        7⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35894.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe
        7⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        6⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
        7⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        6⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        6⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        6⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45050.exe
        6⤵
        
        PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        6⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        6⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        6⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
        5⤵
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49749.exe
        5⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        5⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        5⤵
        
        PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61850.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        6⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        6⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
        6⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        5⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        6⤵
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
        5⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
        5⤵
        
        PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2162.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
        5⤵
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34854.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        5⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        5⤵
        
        PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19360.exe
      4⤵
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35864.exe
        5⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42949.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        5⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
      4⤵
      PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
      4⤵
      PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5281.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
      4⤵
      PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
      4⤵
      PID:6720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3868.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33253.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34672.exe
        6⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28347.exe
        7⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        6⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        7⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18631.exe
        6⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        6⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46789.exe
        5⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
        6⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe
        6⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12234.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
        5⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        6⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        6⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
        6⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        5⤵
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        5⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
        5⤵
        
        PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
        5⤵
        
        PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        5⤵
        
        PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        5⤵
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        5⤵
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10742.exe
        5⤵
        
        PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6427.exe
      4⤵
      PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
      4⤵
      PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7473.exe
      4⤵
      PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63891.exe
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
      4⤵
      PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45546.exe
      4⤵
      PID:5664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55631.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
      4⤵
      Executes dropped EXE
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        5⤵
        
        PID:644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        5⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        5⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        5⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40476.exe
        5⤵
        
        PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
      4⤵
      PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
      4⤵
      PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
      4⤵
      PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
      4⤵
      PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
      4⤵
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
      4⤵
      PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29398.exe
      4⤵
      PID:5296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45925.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
      4⤵
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        5⤵
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
        6⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3004.exe
        6⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30544.exe
        6⤵
        
        PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55724.exe
        5⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        5⤵
        
        PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
      4⤵
      PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
      4⤵
      PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
      4⤵
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
      4⤵
      PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23519.exe
      4⤵
      PID:5492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
    3⤵
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
      4⤵
      PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
      4⤵
      PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe
      4⤵
      PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
      4⤵
      PID:6864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
    3⤵
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
      4⤵
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
      4⤵
      PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
      4⤵
      PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
      4⤵
      PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
      4⤵
      PID:7012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29439.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29439.exe
    3⤵
    PID:4040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
    3⤵
    PID:4128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53140.exe
    3⤵
    PID:4380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53853.exe
    3⤵
    PID:5348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-429.exe
    3⤵
    PID:1252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44820.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44820.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43516.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        6⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        6⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        6⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        6⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49306.exe
        6⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        6⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        5⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        5⤵
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26954.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40256.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18505.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe
        5⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        5⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        5⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45050.exe
        5⤵
        
        PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
      4⤵
      PID:524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
        5⤵
        
        PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
      4⤵
      PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
      4⤵
      PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
      4⤵
      PID:988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10071.exe
      4⤵
      PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29398.exe
      4⤵
      PID:5388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24177.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47099.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        5⤵
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
        6⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3004.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35894.exe
        6⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15805.exe
        6⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        5⤵
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        5⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
        5⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29495.exe
        5⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18298.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24008.exe
      4⤵
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe
      4⤵
      PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
      4⤵
      PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54988.exe
      4⤵
      PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46606.exe
      4⤵
      PID:5656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16913.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
      4⤵
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
      4⤵
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41759.exe
      4⤵
      PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62984.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
    3⤵
    PID:1712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
    3⤵
    PID:4908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
    3⤵
    PID:6208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-171.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40690.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        5⤵
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
        5⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe
        5⤵
        
        PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
      4⤵
      PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
      4⤵
      PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32674.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
      4⤵
      PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
      4⤵
      PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23519.exe
      4⤵
      PID:6148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
      4⤵
      PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
      4⤵
      PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
      4⤵
      PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
      4⤵
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55724.exe
      4⤵
      PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
      4⤵
      PID:6828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
    3⤵
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21711.exe
      4⤵
      PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
      4⤵
      PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47320.exe
      4⤵
      PID:6160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
    3⤵
    PID:4036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
    3⤵
    PID:4404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
    3⤵
    PID:4916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
    3⤵
    PID:5720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
    3⤵
    PID:6652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
      4⤵
      PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
      4⤵
      PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
      4⤵
      PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
      4⤵
      PID:4660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
      4⤵
      PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
      4⤵
      PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
      4⤵
      PID:6412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
    3⤵
    PID:3012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
    3⤵
    PID:2332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
    3⤵
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
    3⤵
    PID:4540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
    3⤵
    PID:3532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
    3⤵
    PID:5628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40476.exe
    3⤵
    PID:6696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40800.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40800.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1976
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 216
    3⤵
    - Program crash
    PID:3848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe
  2⤵
  PID:1656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
  2⤵
  PID:3768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
  2⤵
  PID:2720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
  2⤵
  PID:3908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52659.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52659.exe
  2⤵
  PID:5752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14140.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14140.exe
  2⤵
  PID:6888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe

Filesize
468KB

MD5
a13d58e9533419bdcff561bfa39173f8

SHA1
38fb65351005d899a6c9f189185daab9fcd96f3b

SHA256
d68b14f3eb64aa72f96d8070fe670b1aa6869cb0d2ff58ddb8f3db908a5d00a7

SHA512
77cd616ae1fe11a3de9151b38e25360ccfbd7f773806cff0164b998f6713a32bf211f3e801ea488ecc53572df6d4a3ce9c67d66a24a25b66942fa2a05097c8d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5587.exe

Filesize
468KB

MD5
9b3fed634bc6ca6eaba3a43076bb7a89

SHA1
3605da0138166d85be140d6b34059a6c115792b3

SHA256
955f70b52e184f803cf0443a7033a5ddd332ace81a3cf595fc13e9f8cfb0612c

SHA512
26addd8d7193d2522c6895e5399cdc7341cec502035a7b93c71f3394217ba700f58db714ca4f8b4d442e352b19bc270b623f61780fdcb2b96ffce60f9eab777c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe

Filesize
468KB

MD5
d95d8ff1ad98ab1fadd242251ad54b58

SHA1
cd09f478eade52fe91273764f3e75ecfe2ff26de

SHA256
2577b3fef62f9938e8d09b5f74a74ca6734aa4968458e63731c590b6b22683e4

SHA512
43ccae4b8ddd495ee0ee0a882de395bfaffddc69f949289ec7d6437576065784daa54b58c4d2162fabcb2419f371b0d4be9a3fc1b304d4ec9077cb567de9ce74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe

Filesize
468KB

MD5
471362e3664702d265b5fa9e5300eb94

SHA1
436a34cf8633d815c1855b51e97c627beaa23acf

SHA256
00d07b1880badede855410a80a5450b4a0ae1da6c7e20443be2afac8c57b6cea

SHA512
86f625b886f839f80a4d5a27f573366ee499e108162aa709df8c1a2f59245b0e9ee90a7754271d1584519dede9f1aeec8ab4bf7203ed4c6eb66a7078fbe3bde5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10325.exe

Filesize
468KB

MD5
2cb287404eb162dfb6b3e38f65ad316c

SHA1
ff655431b96832bc6f9adbe53eacda1a84f7b4b9

SHA256
af6e8c28ba7e8c5d7f891a2fc5cee3d26bde1a5c018290777ee77ed2e0b28983

SHA512
0c3fbc85685aea807ce61b838657f54e99c0fbdb693eae7be18324b01fbf30be6539c4a02515bfc64546eb29273e6650e71485205c5ec46775cf02b7b58677e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11759.exe

Filesize
468KB

MD5
99b7613e3eb4c5471c5fa70414368e0d

SHA1
2b6e6820e9e3ddd5d58dd981268cf14199d19247

SHA256
35f3ee4a269a3cbeeb1234f74adf2073e9b41a72a6463e600ac2a910d0ea27c8

SHA512
4ebaf52934c24c7e398f3cfcfca39ce3071b6433fb56e3c5e6c24d4ecfe3c0f2d3b39ea1bb96d2e5e852227ae341362fdf2d28942340f22c1a13c71e9b353076

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13030.exe

Filesize
468KB

MD5
72ba8500b8f491d7899e4f09dd854ce9

SHA1
e601b5cf13aa6acf21cc72d008ae9a270e17f109

SHA256
92b23cc869f740b5705b2a07cfe3edfb6d2a393129a3da5009aa6cad892717a5

SHA512
9e5db40dfd7653701bb5de24e50a03b86115551c768dd7701b019a803d664c4e7deabdeb5570737bafbae471ca15b343977c981cb17c99bcf90bfed822b2dd22

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1844.exe

Filesize
468KB

MD5
5c7b8c365e7648a4b70ea0c815ff40d7

SHA1
3c4831280f6f9427da087296f9084f2a2a7da5de

SHA256
d9161e84e5761d85988e7994bce38522da5d5283d5283b3ad6b9f615c3e7c714

SHA512
f3f2f7d301f1e08795de07dcd87276e68a7a53c699345240107f60fbfa139141af8b02a176ceb24eac0200dbf79a1ddebc157075d8d63f303ef1bb89d4eadfc5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe

Filesize
468KB

MD5
6e7fe84dec7a76d1e37702c2520452bb

SHA1
754a3ff9975731b2c3b26c341618f7938675dc56

SHA256
da4e4f3886d2e20597d4b9c73027bf948c64f5478b6b1306cec16248647a8a7a

SHA512
42c38a3d6570188826422cf22e5e6558bb9950c20fd0f8e21b6b75a9c03a344f205075159113e91c04b336aeb50913f261450244e41c4bdd4f96810bb2bfac00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe

Filesize
468KB

MD5
31f4f9a9e88195be49c40256344bd47b

SHA1
46352ce66692eba9aa8dfb25eb60c07673cd6277

SHA256
87dbc1185f97c953572af6a071311b693cc23416c84e03bb2e4406b60ddecd71

SHA512
f95cfcfb06bc2ff0d97806843730bd61afecce29894efd6569010712e0acd66c1f11c8bcb3a019be1e982cd6a004c4b01a096af72d5675b7a7910c35a7f010f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26472.exe

Filesize
468KB

MD5
681270f4d12e84d6748f35dce146221b

SHA1
827daa99f7c5d1d11ec986e673e2e0e5a9393d78

SHA256
2945ec8ca0849aa2a9da9653c5f8c58d85c13bf483983ad8df5d282ac057beca

SHA512
b47b8f68bf88a756806039621a802f8b760f246bd0ec5d11cce455988c50a49b7e3b552ea977ca366686030a3b955c906976bcc836fb5541dc1e853e86e1e83d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe

Filesize
468KB

MD5
9703c0e19e05a8b172f74ab5fd6e7bce

SHA1
10f6c6659d82d52e6d6e79474c8a84413069abb8

SHA256
473a1cd0689984eea5d8e6126fb6081b152682d987a5856902c769b5c23d7586

SHA512
8df31c6b9ba28cc550c60c9125021a5bcf96c66282a3a14905a672b18852e7dfa1c5a7085347ae2e7e2913e5041fa8b4a4580e77cd5559e9dff1455d94a82381

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe

Filesize
468KB

MD5
f36e9a176030b9dacc5f38b0c5cd8cf6

SHA1
350e253d848856badfa3771eb43e1a270cf43f90

SHA256
ba8f8b0f2b42ce5834bdcf267a420787db278c9b7dbe0da3faae74509097ac40

SHA512
b892002c364b7eed216e59f345c6fef877694c811a3f696fe51e18312e329437847088845f333dfbcc1c4328c24d5a5a8ac8583d8b07b81fc980557d78554602

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3868.exe

Filesize
468KB

MD5
c6a8bff18bba3958c762c2b98cfeb768

SHA1
188d9e15ebc5b08c6212cde5105929520e42f9e6

SHA256
5216111d75cea8c9065d83e87c27eb540e422b4dfe43493857d9cbe1d993d243

SHA512
c022c6cd6f5c5e95beb227dc64d5a0ab2d139a1555b366a8af1935f988632141804f134a68db8b320340ae6ff820505bede36f1d6b35c4caca6a07e006f68535

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43516.exe

Filesize
468KB

MD5
6b855c3213d7e1a2bab86df98db1837c

SHA1
a4cc2f04d9d43bc7e30852c2901ecaf23dfb198c

SHA256
7afa6765d7ffb2b75a80ba4f72fb2280eb5cae7efe8ad9da5779b995cc6f2829

SHA512
451ba244eb1862b892871be2a743ec8a690984b6c2cf8d4452517e785a6a8530a38d7e0134696bb93f8ce6924241ac10d4a04b240e9c42786dc59274b772d808

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44820.exe

Filesize
468KB

MD5
28d3526fd661a583605debba47e0d56a

SHA1
1046e24d531a0463e633e77b66ed879358924aac

SHA256
e820a7c53be7806a3ea465578442a9f576dfd82ddda6c104b9113d9395162f1a

SHA512
5d815cd6830c2236014f144bdb016e2ada4e452e067b470576b942cc9bdc42a1e6fc5256e977cdb7afac04282b9c9a34d371368d86fc2ae4d4a53ec8fa2857cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe

Filesize
468KB

MD5
ab72a4e2a59a065bf41937c090161dcd

SHA1
57e0e951af3c0c164065db829046899c31a640cd

SHA256
a0222122322309d4edef1df414979728a3d4d3a166f2d72ff246fb5f1d108bcc

SHA512
6f58752b08d7739dc5d330af451a1e5c1414bcc1f0bd888c572b873ecdb8803b07d7f87ef66293783772762ced26d7b0a4a0eeb9a124a99a98caf7f428e7aa25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe

Filesize
468KB

MD5
ec3be29d2f12e5322cc06f59ae782f9f

SHA1
c3add96b0372d4f7542d223e9b96a260b934f5be

SHA256
e1808d01f397c9d867b615bfe1b8a0ba8a436b1385d0479a29427228277997b6

SHA512
705ec4b4f9a5dc36091eb6d199295dd377198d6ed54a0e4e1661353d10b724f68c723194d203fe1ca3923558e65c11e2dba02c89660af8e54a2aee5f5389a9ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe

Filesize
468KB

MD5
cc31454df304d7fa1b1d7564ab788a18

SHA1
53851afbf8d84b1625fb6a926d4c5e9f7b0071b9

SHA256
f6392ca4db0a34e6fe3c651227d87db0d19e45920eaa8588f0f4b51550e5b313

SHA512
70020871439e1f7fcaf111c5a41bda02c65de97bbd2a6ea76bceddecdbdca83c25fec62ebb6e13966af252f897755918a266d70c4fb2f102202ab0a86c975279

Download Submit