afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475

Analysis

max time kernel
148s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/01/2025, 09:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe
Size

468KB
MD5

6c65e88cbdd95f33c2379539b3313312
SHA1

b7bb5e7d7067d6310e31861a9903d39d2c6a27f4
SHA256

afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475
SHA512

035b6af18e97853d4a0aed793a7aa8b2d05718ce41b301eaeb3f4d63c112c1579e2120267f1a7bb2ab0149da80de693601e702f50d05f3045f7597fd9594bf67
SSDEEP

3072:mbelogxaIU5ptbY7PzTkmbfD/O2UnsIHzQmyeQVZ6f4bknibuB/lr:mb4oCcptQPvkmbfda5Hf4QibuB

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2628	Unicorn-63663.exe
1760	Unicorn-11613.exe
2116	Unicorn-61369.exe
2676	Unicorn-37353.exe
2780	Unicorn-43475.exe
2680	Unicorn-29739.exe
2716	Unicorn-49605.exe
2592	Unicorn-30384.exe
2008	Unicorn-43190.exe
344	Unicorn-22024.exe
2016	Unicorn-26108.exe
2368	Unicorn-19977.exe
2028	Unicorn-22578.exe
1204	Unicorn-16605.exe
1992	Unicorn-38360.exe
2144	Unicorn-22382.exe
664	Unicorn-18852.exe
2352	Unicorn-55054.exe
2884	Unicorn-65260.exe
760	Unicorn-26274.exe
596	Unicorn-11836.exe
1032	Unicorn-39870.exe
684	Unicorn-60290.exe
1160	Unicorn-54160.exe
888	Unicorn-60290.exe
1388	Unicorn-64929.exe
3028	Unicorn-23342.exe
624	Unicorn-23077.exe
2068	Unicorn-27426.exe
296	Unicorn-52485.exe
2948	Unicorn-63420.exe
784	Unicorn-31749.exe
2444	Unicorn-62428.exe
1604	Unicorn-24925.exe
2468	Unicorn-49429.exe
2824	Unicorn-49164.exe
2992	Unicorn-8951.exe
3016	Unicorn-22686.exe
2864	Unicorn-28817.exe
3000	Unicorn-25287.exe
2968	Unicorn-24541.exe
2560	Unicorn-29179.exe
2608	Unicorn-65381.exe
2784	Unicorn-65381.exe
3008	Unicorn-12651.exe
1648	Unicorn-65189.exe
580	Unicorn-65189.exe
2988	Unicorn-56259.exe
2272	Unicorn-13995.exe
1012	Unicorn-33861.exe
2064	Unicorn-33596.exe
2612	Unicorn-38499.exe
1656	Unicorn-58365.exe
2004	Unicorn-62449.exe
1956	Unicorn-13248.exe
1080	Unicorn-63418.exe
2380	Unicorn-4011.exe
2184	Unicorn-38722.exe
2872	Unicorn-49491.exe
800	Unicorn-60227.exe
1048	Unicorn-20156.exe
544	Unicorn-50782.exe
2244	Unicorn-24816.exe
1384	Unicorn-43242.exe

Loads dropped DLL 64 IoCs

pid	Process
1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe
1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe
2628	Unicorn-63663.exe
2628	Unicorn-63663.exe
1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe
1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe
2116	Unicorn-61369.exe
2116	Unicorn-61369.exe
1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe
1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe
2628	Unicorn-63663.exe
1760	Unicorn-11613.exe
2628	Unicorn-63663.exe
1760	Unicorn-11613.exe
2676	Unicorn-37353.exe
2676	Unicorn-37353.exe
2116	Unicorn-61369.exe
2116	Unicorn-61369.exe
2680	Unicorn-29739.exe
2680	Unicorn-29739.exe
2628	Unicorn-63663.exe
2780	Unicorn-43475.exe
2780	Unicorn-43475.exe
2628	Unicorn-63663.exe
1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe
1760	Unicorn-11613.exe
2716	Unicorn-49605.exe
1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe
1760	Unicorn-11613.exe
2716	Unicorn-49605.exe
2592	Unicorn-30384.exe
2592	Unicorn-30384.exe
2676	Unicorn-37353.exe
2676	Unicorn-37353.exe
2008	Unicorn-43190.exe
2008	Unicorn-43190.exe
2116	Unicorn-61369.exe
2116	Unicorn-61369.exe
344	Unicorn-22024.exe
344	Unicorn-22024.exe
2680	Unicorn-29739.exe
2680	Unicorn-29739.exe
2028	Unicorn-22578.exe
2028	Unicorn-22578.exe
2368	Unicorn-19977.exe
1992	Unicorn-38360.exe
1760	Unicorn-11613.exe
2368	Unicorn-19977.exe
1760	Unicorn-11613.exe
1992	Unicorn-38360.exe
2716	Unicorn-49605.exe
2716	Unicorn-49605.exe
2628	Unicorn-63663.exe
2016	Unicorn-26108.exe
2628	Unicorn-63663.exe
2016	Unicorn-26108.exe
1204	Unicorn-16605.exe
1204	Unicorn-16605.exe
1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe
2780	Unicorn-43475.exe
1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe
2780	Unicorn-43475.exe
2144	Unicorn-22382.exe
2144	Unicorn-22382.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4076	2224	WerFault.exe	126

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29239.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe
2628	Unicorn-63663.exe
2116	Unicorn-61369.exe
1760	Unicorn-11613.exe
2676	Unicorn-37353.exe
2680	Unicorn-29739.exe
2716	Unicorn-49605.exe
2780	Unicorn-43475.exe
2592	Unicorn-30384.exe
2008	Unicorn-43190.exe
344	Unicorn-22024.exe
1992	Unicorn-38360.exe
2016	Unicorn-26108.exe
2368	Unicorn-19977.exe
2028	Unicorn-22578.exe
1204	Unicorn-16605.exe
2144	Unicorn-22382.exe
664	Unicorn-18852.exe
2352	Unicorn-55054.exe
2884	Unicorn-65260.exe
760	Unicorn-26274.exe
596	Unicorn-11836.exe
1032	Unicorn-39870.exe
684	Unicorn-60290.exe
888	Unicorn-60290.exe
1160	Unicorn-54160.exe
1388	Unicorn-64929.exe
3028	Unicorn-23342.exe
624	Unicorn-23077.exe
2068	Unicorn-27426.exe
296	Unicorn-52485.exe
2948	Unicorn-63420.exe
784	Unicorn-31749.exe
2444	Unicorn-62428.exe
1604	Unicorn-24925.exe
2468	Unicorn-49429.exe
2824	Unicorn-49164.exe
2992	Unicorn-8951.exe
3016	Unicorn-22686.exe
2864	Unicorn-28817.exe
3000	Unicorn-25287.exe
2968	Unicorn-24541.exe
2784	Unicorn-65381.exe
2560	Unicorn-29179.exe
2608	Unicorn-65381.exe
580	Unicorn-65189.exe
3008	Unicorn-12651.exe
1648	Unicorn-65189.exe
2988	Unicorn-56259.exe
1012	Unicorn-33861.exe
2272	Unicorn-13995.exe
2064	Unicorn-33596.exe
1656	Unicorn-58365.exe
2612	Unicorn-38499.exe
2004	Unicorn-62449.exe
1956	Unicorn-13248.exe
1080	Unicorn-63418.exe
2380	Unicorn-4011.exe
2184	Unicorn-38722.exe
2872	Unicorn-49491.exe
800	Unicorn-60227.exe
1048	Unicorn-20156.exe
544	Unicorn-50782.exe
2244	Unicorn-24816.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 2628	1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe	31
PID 1880 wrote to memory of 2628	1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe	31
PID 1880 wrote to memory of 2628	1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe	31
PID 1880 wrote to memory of 2628	1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe	31
PID 2628 wrote to memory of 1760	2628	Unicorn-63663.exe	32
PID 2628 wrote to memory of 1760	2628	Unicorn-63663.exe	32
PID 2628 wrote to memory of 1760	2628	Unicorn-63663.exe	32
PID 2628 wrote to memory of 1760	2628	Unicorn-63663.exe	32
PID 1880 wrote to memory of 2116	1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe	33
PID 1880 wrote to memory of 2116	1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe	33
PID 1880 wrote to memory of 2116	1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe	33
PID 1880 wrote to memory of 2116	1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe	33
PID 2116 wrote to memory of 2676	2116	Unicorn-61369.exe	34
PID 2116 wrote to memory of 2676	2116	Unicorn-61369.exe	34
PID 2116 wrote to memory of 2676	2116	Unicorn-61369.exe	34
PID 2116 wrote to memory of 2676	2116	Unicorn-61369.exe	34
PID 1880 wrote to memory of 2780	1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe	35
PID 1880 wrote to memory of 2780	1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe	35
PID 1880 wrote to memory of 2780	1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe	35
PID 1880 wrote to memory of 2780	1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe	35
PID 2628 wrote to memory of 2680	2628	Unicorn-63663.exe	36
PID 2628 wrote to memory of 2680	2628	Unicorn-63663.exe	36
PID 2628 wrote to memory of 2680	2628	Unicorn-63663.exe	36
PID 2628 wrote to memory of 2680	2628	Unicorn-63663.exe	36
PID 1760 wrote to memory of 2716	1760	Unicorn-11613.exe	37
PID 1760 wrote to memory of 2716	1760	Unicorn-11613.exe	37
PID 1760 wrote to memory of 2716	1760	Unicorn-11613.exe	37
PID 1760 wrote to memory of 2716	1760	Unicorn-11613.exe	37
PID 2676 wrote to memory of 2592	2676	Unicorn-37353.exe	38
PID 2676 wrote to memory of 2592	2676	Unicorn-37353.exe	38
PID 2676 wrote to memory of 2592	2676	Unicorn-37353.exe	38
PID 2676 wrote to memory of 2592	2676	Unicorn-37353.exe	38
PID 2116 wrote to memory of 2008	2116	Unicorn-61369.exe	39
PID 2116 wrote to memory of 2008	2116	Unicorn-61369.exe	39
PID 2116 wrote to memory of 2008	2116	Unicorn-61369.exe	39
PID 2116 wrote to memory of 2008	2116	Unicorn-61369.exe	39
PID 2680 wrote to memory of 344	2680	Unicorn-29739.exe	40
PID 2680 wrote to memory of 344	2680	Unicorn-29739.exe	40
PID 2680 wrote to memory of 344	2680	Unicorn-29739.exe	40
PID 2680 wrote to memory of 344	2680	Unicorn-29739.exe	40
PID 2780 wrote to memory of 2016	2780	Unicorn-43475.exe	42
PID 2780 wrote to memory of 2016	2780	Unicorn-43475.exe	42
PID 2780 wrote to memory of 2016	2780	Unicorn-43475.exe	42
PID 2780 wrote to memory of 2016	2780	Unicorn-43475.exe	42
PID 2628 wrote to memory of 2368	2628	Unicorn-63663.exe	41
PID 2628 wrote to memory of 2368	2628	Unicorn-63663.exe	41
PID 2628 wrote to memory of 2368	2628	Unicorn-63663.exe	41
PID 2628 wrote to memory of 2368	2628	Unicorn-63663.exe	41
PID 1880 wrote to memory of 1204	1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe	43
PID 1880 wrote to memory of 1204	1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe	43
PID 1880 wrote to memory of 1204	1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe	43
PID 1880 wrote to memory of 1204	1880	afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe	43
PID 1760 wrote to memory of 2028	1760	Unicorn-11613.exe	44
PID 1760 wrote to memory of 2028	1760	Unicorn-11613.exe	44
PID 1760 wrote to memory of 2028	1760	Unicorn-11613.exe	44
PID 1760 wrote to memory of 2028	1760	Unicorn-11613.exe	44
PID 2716 wrote to memory of 1992	2716	Unicorn-49605.exe	45
PID 2716 wrote to memory of 1992	2716	Unicorn-49605.exe	45
PID 2716 wrote to memory of 1992	2716	Unicorn-49605.exe	45
PID 2716 wrote to memory of 1992	2716	Unicorn-49605.exe	45
PID 2592 wrote to memory of 2144	2592	Unicorn-30384.exe	46
PID 2592 wrote to memory of 2144	2592	Unicorn-30384.exe	46
PID 2592 wrote to memory of 2144	2592	Unicorn-30384.exe	46
PID 2592 wrote to memory of 2144	2592	Unicorn-30384.exe	46

C:\Users\Admin\AppData\Local\Temp\afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe
"C:\Users\Admin\AppData\Local\Temp\afd0a05d22f3f6b04bf3b85c6739a977f5b18d95b3ca7eef95e422cc3528d475.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11613.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        8⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57683.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        9⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9642.exe
        9⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        9⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6271.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
        8⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62520.exe
        8⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        8⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
        8⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6761.exe
        7⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        8⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        8⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        8⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49472.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13801.exe
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        7⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9635.exe
        7⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38499.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        7⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
        8⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
        8⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24157.exe
        8⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
        7⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe
        7⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43802.exe
        7⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53395.exe
        6⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        7⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        7⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30062.exe
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
        7⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28472.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        6⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
        6⤵
        
        PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        7⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
        8⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        8⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59025.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        8⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5804.exe
        7⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        7⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        7⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        6⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
        7⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48425.exe
        7⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        7⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        7⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24609.exe
        6⤵
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
        6⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        6⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        6⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26627.exe
        6⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        7⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1474.exe
        7⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
        7⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        6⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        6⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        6⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        6⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        6⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        5⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        6⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        6⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe
        6⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30251.exe
        6⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
        6⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45214.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
        5⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43210.exe
        5⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
        5⤵
        
        PID:7444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22578.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        7⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62520.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        7⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
        6⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        6⤵
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        6⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        6⤵
        
        PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13995.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16822.exe
        6⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        7⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        7⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25155.exe
        6⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25151.exe
        6⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        6⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        6⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
        5⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
        6⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
        5⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        5⤵
        
        PID:7200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34603.exe
        6⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        7⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        7⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        7⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        6⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
        6⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        6⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26797.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        6⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        6⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        6⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe
        5⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        5⤵
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        5⤵
        
        PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47636.exe
        5⤵
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        6⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34133.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        6⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        6⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        6⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49963.exe
        5⤵
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        5⤵
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-357.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53768.exe
      4⤵
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
        5⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        5⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
        5⤵
        
        PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe
      4⤵
      PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
      4⤵
      PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
      4⤵
      PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
      4⤵
      PID:7328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26274.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
        6⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        7⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45493.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        8⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        8⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29239.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25151.exe
        7⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
        7⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53395.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        7⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        7⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        6⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        6⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        6⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        6⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63191.exe
        6⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        7⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        7⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
        7⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        6⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        6⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
        6⤵
        
        PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
        5⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51373.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        6⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
        6⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        5⤵
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        5⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        5⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        5⤵
        
        PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11836.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20156.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
        6⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe
        7⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30062.exe
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
        7⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
        6⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        6⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        6⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        6⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
        6⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        5⤵
        
        PID:2224
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        6⤵
        Program crash
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
        5⤵
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe
        5⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        5⤵
        
        PID:7892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50782.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
        5⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        6⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        6⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        6⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        6⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        5⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        5⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        5⤵
        
        PID:8116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
      4⤵
      PID:984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38581.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
        5⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        5⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        5⤵
        
        PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5513.exe
      4⤵
      PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
      4⤵
      PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26874.exe
      4⤵
      PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
      4⤵
      PID:8056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        6⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8964.exe
        7⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        6⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29425.exe
        6⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        6⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59988.exe
        6⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
        5⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        6⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        6⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        6⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe
        5⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10493.exe
        5⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55265.exe
        5⤵
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        5⤵
        
        PID:7728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
        5⤵
        
        PID:492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        6⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        6⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        6⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6271.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
        5⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        5⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54735.exe
        5⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57445.exe
      4⤵
      PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        5⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37808.exe
      4⤵
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
      4⤵
      PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
      4⤵
      PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64228.exe
      4⤵
      PID:7956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23077.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
        5⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        6⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        6⤵
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        6⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        6⤵
        
        PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39846.exe
        5⤵
        
        PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58076.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
        5⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38199.exe
        5⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        5⤵
        
        PID:7824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18245.exe
      4⤵
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        5⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        6⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        6⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        6⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35928.exe
        6⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        6⤵
        
        PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        5⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        5⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        5⤵
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
        5⤵
        
        PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53395.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        5⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        5⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        5⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        5⤵
        
        PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
      4⤵
      PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
      4⤵
      PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
      4⤵
      PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9251.exe
      4⤵
      PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
      4⤵
      PID:8008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        5⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52556.exe
        5⤵
        
        PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
      4⤵
      PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
      4⤵
      PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
      4⤵
      PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
      4⤵
      PID:7304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
    3⤵
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
      4⤵
      PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
      4⤵
      PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30659.exe
      4⤵
      PID:8024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
    3⤵
    PID:4028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
    3⤵
    PID:4316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
    3⤵
    PID:6032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5127.exe
    3⤵
    PID:6488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43525.exe
    3⤵
    PID:7472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61369.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61369.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31749.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
        8⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        8⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        8⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        8⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49852.exe
        7⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30447.exe
        7⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25764.exe
        7⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        7⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        6⤵
        Executes dropped EXE
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60433.exe
        8⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        8⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
        7⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61968.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43791.exe
        7⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        7⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7367.exe
        6⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        7⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        7⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        7⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
        6⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
        6⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        6⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        6⤵
        
        PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62428.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        6⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11113.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64823.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53744.exe
        6⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60315.exe
        6⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43624.exe
        6⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13615.exe
        6⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64240.exe
        6⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        5⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62509.exe
        6⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35928.exe
        6⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        6⤵
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52732.exe
        5⤵
        
        PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
        5⤵
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48405.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        5⤵
        
        PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18852.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42304.exe
        6⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3796.exe
        7⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
        7⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        7⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        7⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
        6⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        6⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
        6⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18418.exe
        6⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14078.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
        6⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46350.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54735.exe
        6⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
        5⤵
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
        5⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        5⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        5⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        5⤵
        
        PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22686.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8178.exe
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
        6⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        6⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        6⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        6⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        5⤵
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        5⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        5⤵
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        5⤵
        
        PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55443.exe
      4⤵
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64398.exe
        5⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
        5⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        5⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
        5⤵
        
        PID:7504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48919.exe
      4⤵
      PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53562.exe
      4⤵
      PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
      4⤵
      PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
      4⤵
      PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
      4⤵
      PID:7856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28817.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31430.exe
        6⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34133.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        7⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8149.exe
        6⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43172.exe
        6⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        6⤵
        
        PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        5⤵
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
        6⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11113.exe
        7⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        7⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        7⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        7⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59988.exe
        6⤵
        
        PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35362.exe
        5⤵
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        5⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        5⤵
        
        PID:7216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        6⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40112.exe
        6⤵
        
        PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35243.exe
        5⤵
        
        PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
        5⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        5⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
      4⤵
      PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34133.exe
        5⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        5⤵
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        5⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        5⤵
        
        PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26064.exe
      4⤵
      PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
      4⤵
      PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
      4⤵
      PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9251.exe
      4⤵
      PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24925.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        5⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        6⤵
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61797.exe
        6⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        6⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        6⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        6⤵
        
        PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
        5⤵
        
        PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13151.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25764.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54735.exe
        5⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
        5⤵
        
        PID:7836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
      4⤵
      PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        5⤵
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        5⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        5⤵
        
        PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30289.exe
        5⤵
        
        PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59503.exe
      4⤵
      PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
      4⤵
      PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
      4⤵
      PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
      4⤵
      PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42541.exe
      4⤵
      PID:8096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49164.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33944.exe
      4⤵
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51025.exe
        5⤵
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9961.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        5⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        5⤵
        
        PID:7744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5695.exe
      4⤵
      PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
      4⤵
      PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
      4⤵
      PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
      4⤵
      PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
      4⤵
      PID:7600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
      4⤵
      PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
      4⤵
      PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
      4⤵
      PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39931.exe
      4⤵
      PID:7776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
    3⤵
    PID:1188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
    3⤵
    PID:4464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
    3⤵
    PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
    3⤵
    PID:6500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
    3⤵
    PID:8128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43475.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43475.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23342.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        7⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9642.exe
        7⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        7⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        6⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        6⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        6⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14963.exe
        5⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        6⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        6⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe
        5⤵
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        5⤵
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        5⤵
        
        PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
        5⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
        6⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19285.exe
        6⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        6⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
        6⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        6⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        5⤵
        
        PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
        5⤵
        
        PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        5⤵
        
        PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        5⤵
        
        PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53395.exe
      4⤵
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23782.exe
        5⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
        5⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28472.exe
      4⤵
      PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45111.exe
      4⤵
      PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
      4⤵
      PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
      4⤵
      PID:8072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58365.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
        5⤵
        
        PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        5⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
        5⤵
        
        PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57915.exe
        5⤵
        
        PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63971.exe
      4⤵
      PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
      4⤵
      PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
      4⤵
      PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
      4⤵
      PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
      4⤵
      PID:8100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63418.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
      4⤵
      PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19898.exe
      4⤵
      PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
      4⤵
      PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
      4⤵
      PID:7288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22150.exe
    3⤵
    PID:532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
    3⤵
    PID:3348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
    3⤵
    PID:5192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
    3⤵
    PID:6176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
    3⤵
    PID:7344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16605.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16605.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13248.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        5⤵
        
        PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61797.exe
        5⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21487.exe
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
      4⤵
      PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62520.exe
      4⤵
      PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57496.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18418.exe
      4⤵
      PID:8080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3796.exe
      4⤵
      PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32664.exe
      4⤵
      PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe
      4⤵
      PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30251.exe
      4⤵
      PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37438.exe
    3⤵
    PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19208.exe
    3⤵
    PID:3252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
    3⤵
    PID:5164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
    3⤵
    PID:6664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
    3⤵
    PID:7584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
      4⤵
      PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        5⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64448.exe
        5⤵
        
        PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65333.exe
        5⤵
        
        PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
      4⤵
      PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1030.exe
      4⤵
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
      4⤵
      PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
      4⤵
      PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
      4⤵
      PID:7968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe
    3⤵
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
      4⤵
      PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
      4⤵
      PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
      4⤵
      PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
      4⤵
      PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
      4⤵
      PID:7876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
    3⤵
    PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12728.exe
    3⤵
    PID:4556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37319.exe
    3⤵
    PID:5280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9251.exe
    3⤵
    PID:7056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
    3⤵
    PID:6952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
    3⤵
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
      4⤵
      PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49577.exe
      4⤵
      PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
      4⤵
      PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
      4⤵
      PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
      4⤵
      PID:7844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53744.exe
    3⤵
    PID:1908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13919.exe
    3⤵
    PID:3460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
    3⤵
    PID:2460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
    3⤵
    PID:6916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
    3⤵
    PID:7416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
  2⤵
  PID:1344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
    3⤵
    PID:3464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
    3⤵
    PID:5024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
    3⤵
    PID:5408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
    3⤵
    PID:7884
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24213.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24213.exe
  2⤵
  PID:3820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
  2⤵
  PID:4128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4968.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4968.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
  2⤵
  PID:5736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
  2⤵
  PID:7408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe

Filesize
468KB

MD5
4c18c976f09b5c46ef1da05261dbe20a

SHA1
51dca34568964a0dddd28da29ff73e3ee0acfcaf

SHA256
e9426e354030f78888d033470f07bff490d41b412f095a7534580a18f2854bcc

SHA512
719b7a8d9181ac34a416c4e7167544acbb054097ec0b61cdd12361fbf99bd85b996a1e908b4bee89d0c06b04e42454354b4f47702736d84be5860f52f9a30f99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39846.exe

Filesize
468KB

MD5
8a36ed4300bc70be978d83c25ba09b4a

SHA1
e38d502b55c7ba1dbb9f3d61abb12dfe3a2b40a6

SHA256
027a1b424136d68468397649fb162537ed415d1ee1f524fbfc176e7afb073b7a

SHA512
18c6b370e4f5ee2b775b31464d43b178e4f3b06ab4cb768655459c07127f351d211c7dd0cf75967ff5aa4e21c61d987e8717960e817c80ceab53756babeddc10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52732.exe

Filesize
468KB

MD5
bf1c59f59b7840e8d8ca73a2f99af123

SHA1
0a591f6f69211d7bdaf2cdd80cdfa64bdb5208e2

SHA256
2f3fcc31b51e05e7d1094ca6cbe4cfdfa0ddcf5ed21c571c3b37e241fabd8391

SHA512
415eb34a5ec6ca193f824d4288db6cf7be8e7b6af1b6d523ab1007ef5aad7ec04928c3b2d932ac411c716839ede7bf4afe543271d1ca21ed447f4bad75dab25c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe

Filesize
468KB

MD5
9ec5285d2e8f88ec1c1cf1c2c5ce6849

SHA1
f4cb54c4ef42c9b12962ff472e934bfc8d5d3b80

SHA256
fe49c0a85a032b55c95f595ffb8ee320d0c56b27b5ffc8f7b90d1c3c34c18381

SHA512
557abb3ef449148e3bdb2625f3553cfdc06b3f5f013cc55a3373f75e057395cba2b260e93ba07dcb7323313bf16a53e96cb8c9c3594f0828730a542a97c806b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe

Filesize
468KB

MD5
efef88ba2a4094d1265028bc0e34c2fc

SHA1
2170159c2f9182b36425dd3d06088c2f1761b638

SHA256
052860545046b2fdbba5169568291e1de0f4affc6ce24326e6fedc1530f55df9

SHA512
2b01638faeebc871fdea1fca4c5f1402b65194e5fe4150caf841201aa47b51b11371dabdfd995032a78eed9c6df208284bd475e05437f43f7fca288861dcc5ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11613.exe

Filesize
468KB

MD5
e7d6a815166caf8679637cbfa7fef79e

SHA1
1426c247b4d34eeee8d98da1b64db2166eed2576

SHA256
a260af9c55a7919cea7f7da33efeae1c0f26f34c96004b7db8122d200bdbe45a

SHA512
49591bbfcd9457dbb80f2eb4fd0dae0e0da78cec511114fcfd0620f467ef54e2415a39f63e35815f0c98bf5b1d474700f4f8b80ea520af3104dc8c44b57e2fba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16605.exe

Filesize
468KB

MD5
28e4a06754a1bcfb423a747437ff9fa0

SHA1
9b05d4467cb9217b3359df40cba4fb8746cb9d97

SHA256
cebb4f5ddc9183773a34efde32e99897fe3881d69aa316fd6490ab9f436ce94a

SHA512
67c11c007194eb187e67081e144c82cf85dfe2b5e26ca9fd3713f76cc2a0df137eee062ff031980fcbcf00ced1877a4ca2c0c785168cf0b5c7cd392ec1de5ef3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18852.exe

Filesize
468KB

MD5
afe047d60d86ae77ff715b6f5c0522f0

SHA1
a667bed77817717f4031bc2a7a9b58f83e74c530

SHA256
f2472b77444ffac0f3376d97a058cd65371bc221d8678351720be1fcce70b32d

SHA512
48afa555c8433b669070a34fe03bf738197ef7b7481fb3fd8520198718ca56ce7f94d3764ecf95f3e671f4de10f4875dbbbe6562344a454b45de5075dc3a70d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe

Filesize
468KB

MD5
804a385b624530986e19c44c7dfc1c41

SHA1
c598bedf6d34b64515775dd6be7d78fa1900c472

SHA256
a4d4454a17fc0a2fa3bcb3a4f5ab2318ff129028f4a16a8b7c03e8d8964a8dbb

SHA512
4783bf8fde05536ad0c71d213bac63b0d343fb3581c3eef446b52b21dda6b5c537f143a019aea3811c7eb9cc0098ce8a481a070d3091080ca3c9f0805a4baef4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe

Filesize
468KB

MD5
6c057b693a343d275d1cb9b8d166d5e6

SHA1
b56434fb39cd5230a8e327c21f197f084f009421

SHA256
f25e443b1fce9d095d851b69ad1d8eaf8680e4aa537ba79cac481e62b647a2eb

SHA512
3a2424a5198bb8d9b56c4429494ab16ab8b9f50ae330b029437d133bb107130dd0b384d3fcea9785b2ba96f940a3101b26ece0019f58092fc113fb7dd29a35d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe

Filesize
468KB

MD5
1b21a7fe2a261d0a3422a53e7088e16c

SHA1
e51ec2a02c205dca036b22ec1404a7c2e3f52f95

SHA256
cbfff096446658cab52e0b486816a848b136e02734787e113af01ca2bda279cd

SHA512
56e914725ec8b3068cb78fb80b4ed76438315fea7e1ab668f4f0fe26643a70ee86b378115e94b1f6999f704681e0ae8a68852a898fe2e7784fc421863e0858c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22578.exe

Filesize
468KB

MD5
33e36b0a59d52c2ec7af46b3e6a305d3

SHA1
702ed4b64abecd83cb53f3799358ef7cd117be9e

SHA256
15e0fc60b21e7340bd5d43f80a9349437f875c1c4c068133bfa8b81316932ab0

SHA512
3c18ad80d71f18d437e78f751384c157e1f33c8771e692af2323bdc654f59c382dfe1b8083f3805019ecd666ee4d0bf12e7c8ed7927a8d0c2858b6fa0bb4642f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe

Filesize
468KB

MD5
3207050115ab1d5cde01681209b74fa2

SHA1
c3b3549542711e837d938897ea4c5bcd7dfe83dc

SHA256
3f79a0abd60ad0778b37bd9612eb3d12ecf160cab485d8222b6845b696c3efad

SHA512
70164459adea542b0513dd1a71cfd2be4b413c7bf117b4b594aeeb8c55f897e1ef44c0405e0d9e8342f2139c82937d9152d75f2cdabb1e8f63e578fc1fcf2066

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe

Filesize
468KB

MD5
d395cbca616c865b862df5b1ca290d2c

SHA1
2b0865739c1dba7a9476633a7ea335405022e9c9

SHA256
28629033df800dc0d1cc434e5cc44af516ef2eb6691894dbdae2c19ffe938d63

SHA512
74079c00a2a81e46c2f585080e612c6ebd4b8e4be77709f9598cd90e8a7ad616d29785be704f55654359a115451aa94e81e832d5c5dd899dbf8b9786f5ba6794

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe

Filesize
468KB

MD5
76515e9c185c3621859fddd8cd5c1314

SHA1
e75692285472d041722b2581dde867f3aad8c9f2

SHA256
2d7ce855621c7056f902047939c475f27c075b2b388d67590d770d455c9b2245

SHA512
6a4fda48916f2323a13590dc286843ed93989b36a6b2e02d479f06f45b8c8f80cd1f455ac5d7b702dce4698ef03a585619b34c3caa860de881ce0a1fb8db3484

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe

Filesize
468KB

MD5
46c1a8e6c40298406f623fac0833950d

SHA1
ef9fcab5d4aac41ac06a5f0369de3597b62e42bb

SHA256
991c95ff61e15ed17b5e3fd794b75e810925a31634c69f9782bcd04281e87cd8

SHA512
9a8fe6c0614022317f0aee795798f7af2f5b6ba7cced2443b2359f76770e8e466f19b0aeb20922acf2b0c312beed905ee6d5c61f975694790c3cbcc036eeaa4e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe

Filesize
468KB

MD5
d83e2ff033a9748e20115fc17f32bbed

SHA1
c133fd7a83f3700f69a918b6e00afdb59ca71f23

SHA256
c29a74dc7820b0d1ec17db3ae9723b4d641f8fb20947f747b12f02b4aaf11b0b

SHA512
b12c51e094a0e4276e0cd2caeefe2ae69ea4d3f0452f8154166263fdf11528a72cac0d19eb7d6e67a797e26a8c80110cfab96891e1d813ee3825e51def2a5c35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43475.exe

Filesize
468KB

MD5
87f4bde9e90417119df3d8b6211b6404

SHA1
cc7f765d12743aa49998ddf319655de45982ffa3

SHA256
b0c3b45ebbed78de9671d4f6cbd679b04effcb8cde6805f794da2289f8849a6d

SHA512
479311c1b156063d9926aa3cb43b8664d75dfefac6c99816f5d154462343ebed65cdfd61e8ca39ac10b9cf1abb2cd7a57d15b94d9a8bf1b501a4c4efbd7d4159

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe

Filesize
468KB

MD5
fba1d0a169e448c66a23e9b873362b7a

SHA1
27a93a8ced62e6c055f948477606bed5729bc014

SHA256
0095687c88695723cc0a1ccf6d47a1cc4d116a681ce7156b8845ded9bdfbab3c

SHA512
0486dbef34933397903222fa2451521db17b7dc6abcc822cab642d9f54c39ff8a74850d6f70a67f908ff027bad87bf24581f088fb50524c62053145417b1ab7d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61369.exe

Filesize
468KB

MD5
6c37ee4b703288c51ab64323b77d7b4f

SHA1
2338fbfad561a443d29dde5502eff8e41d18133b

SHA256
fcfadf7be3c8967e60915debc76d7135708878b62eb991b0519da03f2e4ce512

SHA512
8ec69a017022ba13db5a4856ed3159d4dd8cc171b116731864bf0a9e7a8b889386a4f77be8e4d33bc1bc377fed9527810740f19a4454ede28c16d68c55e34bb5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe

Filesize
468KB

MD5
e2c0b2817a060951380ae10ae6764484

SHA1
1355359ef911d9f18814933b53b7f3e8b6259ec1

SHA256
3bcda575491f15cb8043e604009b78a35259ddc1de3d97079803e73f1746f8ff

SHA512
c1865f4878506a8c6f2ed35dc538c2aecd2383ad0945a032f2ef0d2f0c9c2f31c4027ce71959dd22a92979130f9b9dd025f7e80fd82e3f5bade5b72d4f6e9614

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe

Filesize
468KB

MD5
3d9c15a896b2af1e62d8633b659a6d7d

SHA1
c5424dc2457065a97208c62a96bff70c599426a8

SHA256
e13a2b1febc56416bfd56fca20bb579488ecbad668d95350b6bffe5c108e7c15

SHA512
1c5279710668143ecfde88163cf77374f3731698073ad266a7874ee5cd32bde87f9db62455ecb59822ebe9059c720fe2ea1b1a5cadc8911f806d7169bf0a300d

Download Submit