8a2585373e776f49ae8167242146db2d004d7f29853bf7025ceb583483ce74a3

Analysis

max time kernel
119s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1792537e07216fd16285318e71a4e6d0N.exe
Size

468KB
MD5

1792537e07216fd16285318e71a4e6d0
SHA1

aa9b452f9132111c486740e7f7d19d9c9a809e2d
SHA256

8a2585373e776f49ae8167242146db2d004d7f29853bf7025ceb583483ce74a3
SHA512

d231eed43672453917090492ca0d94e762980597f321746f46954200d35111e01576ba4560b4215748a6d8eaf9b24fa151eec251b1d95f9d9703a099ff996cbd
SSDEEP

3072:aZACogbdh0JBtbYaPzcoff8/WChYpaplnlHCxEh1YCWLKUyga1Et:aZ1oyMBt1P4offtSmGYC4Lyga

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2396	Unicorn-5280.exe
2820	Unicorn-44813.exe
2772	Unicorn-3225.exe
2780	Unicorn-57662.exe
2176	Unicorn-193.exe
2776	Unicorn-35658.exe
2836	Unicorn-55524.exe
1496	Unicorn-55607.exe
2404	Unicorn-19405.exe
2376	Unicorn-7174.exe
2472	Unicorn-54137.exe
1036	Unicorn-60267.exe
2752	Unicorn-58876.exe
332	Unicorn-12939.exe
692	Unicorn-13204.exe
1688	Unicorn-23018.exe
992	Unicorn-44761.exe
2320	Unicorn-64626.exe
2112	Unicorn-64526.exe
2288	Unicorn-54320.exe
548	Unicorn-36400.exe
2528	Unicorn-13095.exe
1624	Unicorn-53863.exe
2200	Unicorn-3557.exe
1732	Unicorn-24069.exe
1696	Unicorn-30200.exe
1636	Unicorn-52758.exe
996	Unicorn-24532.exe
1720	Unicorn-657.exe
2348	Unicorn-9587.exe
1972	Unicorn-12280.exe
868	Unicorn-57574.exe
1728	Unicorn-21372.exe
1708	Unicorn-16542.exe
2744	Unicorn-45685.exe
2280	Unicorn-57382.exe
2808	Unicorn-14138.exe
2792	Unicorn-27725.exe
2672	Unicorn-50091.exe
2976	Unicorn-18387.exe
2944	Unicorn-1637.exe
2968	Unicorn-21503.exe
1132	Unicorn-52897.exe
2984	Unicorn-59027.exe
2904	Unicorn-53360.exe
2556	Unicorn-38415.exe
876	Unicorn-36277.exe
2848	Unicorn-27346.exe
3052	Unicorn-65420.exe
3020	Unicorn-15665.exe
2444	Unicorn-60516.exe
1504	Unicorn-60781.exe
2652	Unicorn-18379.exe
1564	Unicorn-21071.exe
2084	Unicorn-3219.exe
2608	Unicorn-51051.exe
2516	Unicorn-51051.exe
2420	Unicorn-14102.exe
2480	Unicorn-59774.exe
1456	Unicorn-14102.exe
908	Unicorn-49005.exe
2144	Unicorn-40645.exe
1536	Unicorn-2426.exe
2132	Unicorn-43267.exe

Loads dropped DLL 64 IoCs

pid	Process
1432	1792537e07216fd16285318e71a4e6d0N.exe
1432	1792537e07216fd16285318e71a4e6d0N.exe
2396	Unicorn-5280.exe
2396	Unicorn-5280.exe
1432	1792537e07216fd16285318e71a4e6d0N.exe
1432	1792537e07216fd16285318e71a4e6d0N.exe
2820	Unicorn-44813.exe
2820	Unicorn-44813.exe
1432	1792537e07216fd16285318e71a4e6d0N.exe
1432	1792537e07216fd16285318e71a4e6d0N.exe
2396	Unicorn-5280.exe
2772	Unicorn-3225.exe
2772	Unicorn-3225.exe
2396	Unicorn-5280.exe
2780	Unicorn-57662.exe
2780	Unicorn-57662.exe
2820	Unicorn-44813.exe
2820	Unicorn-44813.exe
2776	Unicorn-35658.exe
2776	Unicorn-35658.exe
2176	Unicorn-193.exe
2396	Unicorn-5280.exe
2176	Unicorn-193.exe
2396	Unicorn-5280.exe
2772	Unicorn-3225.exe
2772	Unicorn-3225.exe
1432	1792537e07216fd16285318e71a4e6d0N.exe
2836	Unicorn-55524.exe
2836	Unicorn-55524.exe
1432	1792537e07216fd16285318e71a4e6d0N.exe
1496	Unicorn-55607.exe
1496	Unicorn-55607.exe
2780	Unicorn-57662.exe
2404	Unicorn-19405.exe
2404	Unicorn-19405.exe
2780	Unicorn-57662.exe
2820	Unicorn-44813.exe
2820	Unicorn-44813.exe
2376	Unicorn-7174.exe
2376	Unicorn-7174.exe
2776	Unicorn-35658.exe
2776	Unicorn-35658.exe
2472	Unicorn-54137.exe
2472	Unicorn-54137.exe
2396	Unicorn-5280.exe
2396	Unicorn-5280.exe
2752	Unicorn-58876.exe
2752	Unicorn-58876.exe
2772	Unicorn-3225.exe
2772	Unicorn-3225.exe
1036	Unicorn-60267.exe
1036	Unicorn-60267.exe
332	Unicorn-12939.exe
332	Unicorn-12939.exe
2176	Unicorn-193.exe
2176	Unicorn-193.exe
1432	1792537e07216fd16285318e71a4e6d0N.exe
1432	1792537e07216fd16285318e71a4e6d0N.exe
692	Unicorn-13204.exe
692	Unicorn-13204.exe
2836	Unicorn-55524.exe
2836	Unicorn-55524.exe
1688	Unicorn-23018.exe
1688	Unicorn-23018.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
4588	628	WerFault.exe	122
5444	4940	WerFault.exe	361
5528	4804	WerFault.exe	346
5508	4860	WerFault.exe	351

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19316.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12280.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1432	1792537e07216fd16285318e71a4e6d0N.exe
2396	Unicorn-5280.exe
2820	Unicorn-44813.exe
2772	Unicorn-3225.exe
2780	Unicorn-57662.exe
2776	Unicorn-35658.exe
2176	Unicorn-193.exe
2836	Unicorn-55524.exe
1496	Unicorn-55607.exe
2404	Unicorn-19405.exe
2376	Unicorn-7174.exe
2472	Unicorn-54137.exe
1036	Unicorn-60267.exe
692	Unicorn-13204.exe
2752	Unicorn-58876.exe
332	Unicorn-12939.exe
1688	Unicorn-23018.exe
2320	Unicorn-64626.exe
992	Unicorn-44761.exe
2112	Unicorn-64526.exe
2288	Unicorn-54320.exe
548	Unicorn-36400.exe
2528	Unicorn-13095.exe
1624	Unicorn-53863.exe
2200	Unicorn-3557.exe
1696	Unicorn-30200.exe
1732	Unicorn-24069.exe
2348	Unicorn-9587.exe
996	Unicorn-24532.exe
1720	Unicorn-657.exe
1636	Unicorn-52758.exe
1972	Unicorn-12280.exe
868	Unicorn-57574.exe
1728	Unicorn-21372.exe
1708	Unicorn-16542.exe
2280	Unicorn-57382.exe
2744	Unicorn-45685.exe
2808	Unicorn-14138.exe
2792	Unicorn-27725.exe
2672	Unicorn-50091.exe
2976	Unicorn-18387.exe
2944	Unicorn-1637.exe
2968	Unicorn-21503.exe
2984	Unicorn-59027.exe
1132	Unicorn-52897.exe
2904	Unicorn-53360.exe
2556	Unicorn-38415.exe
876	Unicorn-36277.exe
2848	Unicorn-27346.exe
3052	Unicorn-65420.exe
3020	Unicorn-15665.exe
1504	Unicorn-60781.exe
2652	Unicorn-18379.exe
2444	Unicorn-60516.exe
1564	Unicorn-21071.exe
2084	Unicorn-3219.exe
2516	Unicorn-51051.exe
2608	Unicorn-51051.exe
1456	Unicorn-14102.exe
2420	Unicorn-14102.exe
2480	Unicorn-59774.exe
908	Unicorn-49005.exe
2144	Unicorn-40645.exe
1536	Unicorn-2426.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 2396	1432	1792537e07216fd16285318e71a4e6d0N.exe	30
PID 1432 wrote to memory of 2396	1432	1792537e07216fd16285318e71a4e6d0N.exe	30
PID 1432 wrote to memory of 2396	1432	1792537e07216fd16285318e71a4e6d0N.exe	30
PID 1432 wrote to memory of 2396	1432	1792537e07216fd16285318e71a4e6d0N.exe	30
PID 1432 wrote to memory of 2820	1432	1792537e07216fd16285318e71a4e6d0N.exe	32
PID 1432 wrote to memory of 2820	1432	1792537e07216fd16285318e71a4e6d0N.exe	32
PID 1432 wrote to memory of 2820	1432	1792537e07216fd16285318e71a4e6d0N.exe	32
PID 1432 wrote to memory of 2820	1432	1792537e07216fd16285318e71a4e6d0N.exe	32
PID 2396 wrote to memory of 2772	2396	Unicorn-5280.exe	31
PID 2396 wrote to memory of 2772	2396	Unicorn-5280.exe	31
PID 2396 wrote to memory of 2772	2396	Unicorn-5280.exe	31
PID 2396 wrote to memory of 2772	2396	Unicorn-5280.exe	31
PID 2820 wrote to memory of 2780	2820	Unicorn-44813.exe	33
PID 2820 wrote to memory of 2780	2820	Unicorn-44813.exe	33
PID 2820 wrote to memory of 2780	2820	Unicorn-44813.exe	33
PID 2820 wrote to memory of 2780	2820	Unicorn-44813.exe	33
PID 1432 wrote to memory of 2176	1432	1792537e07216fd16285318e71a4e6d0N.exe	34
PID 1432 wrote to memory of 2176	1432	1792537e07216fd16285318e71a4e6d0N.exe	34
PID 1432 wrote to memory of 2176	1432	1792537e07216fd16285318e71a4e6d0N.exe	34
PID 1432 wrote to memory of 2176	1432	1792537e07216fd16285318e71a4e6d0N.exe	34
PID 2772 wrote to memory of 2836	2772	Unicorn-3225.exe	36
PID 2772 wrote to memory of 2836	2772	Unicorn-3225.exe	36
PID 2772 wrote to memory of 2836	2772	Unicorn-3225.exe	36
PID 2772 wrote to memory of 2836	2772	Unicorn-3225.exe	36
PID 2396 wrote to memory of 2776	2396	Unicorn-5280.exe	35
PID 2396 wrote to memory of 2776	2396	Unicorn-5280.exe	35
PID 2396 wrote to memory of 2776	2396	Unicorn-5280.exe	35
PID 2396 wrote to memory of 2776	2396	Unicorn-5280.exe	35
PID 2780 wrote to memory of 1496	2780	Unicorn-57662.exe	37
PID 2780 wrote to memory of 1496	2780	Unicorn-57662.exe	37
PID 2780 wrote to memory of 1496	2780	Unicorn-57662.exe	37
PID 2780 wrote to memory of 1496	2780	Unicorn-57662.exe	37
PID 2820 wrote to memory of 2404	2820	Unicorn-44813.exe	38
PID 2820 wrote to memory of 2404	2820	Unicorn-44813.exe	38
PID 2820 wrote to memory of 2404	2820	Unicorn-44813.exe	38
PID 2820 wrote to memory of 2404	2820	Unicorn-44813.exe	38
PID 2776 wrote to memory of 2376	2776	Unicorn-35658.exe	39
PID 2776 wrote to memory of 2376	2776	Unicorn-35658.exe	39
PID 2776 wrote to memory of 2376	2776	Unicorn-35658.exe	39
PID 2776 wrote to memory of 2376	2776	Unicorn-35658.exe	39
PID 2396 wrote to memory of 2472	2396	Unicorn-5280.exe	41
PID 2396 wrote to memory of 2472	2396	Unicorn-5280.exe	41
PID 2396 wrote to memory of 2472	2396	Unicorn-5280.exe	41
PID 2396 wrote to memory of 2472	2396	Unicorn-5280.exe	41
PID 2176 wrote to memory of 1036	2176	Unicorn-193.exe	40
PID 2176 wrote to memory of 1036	2176	Unicorn-193.exe	40
PID 2176 wrote to memory of 1036	2176	Unicorn-193.exe	40
PID 2176 wrote to memory of 1036	2176	Unicorn-193.exe	40
PID 2772 wrote to memory of 2752	2772	Unicorn-3225.exe	42
PID 2772 wrote to memory of 2752	2772	Unicorn-3225.exe	42
PID 2772 wrote to memory of 2752	2772	Unicorn-3225.exe	42
PID 2772 wrote to memory of 2752	2772	Unicorn-3225.exe	42
PID 1432 wrote to memory of 332	1432	1792537e07216fd16285318e71a4e6d0N.exe	43
PID 1432 wrote to memory of 332	1432	1792537e07216fd16285318e71a4e6d0N.exe	43
PID 1432 wrote to memory of 332	1432	1792537e07216fd16285318e71a4e6d0N.exe	43
PID 1432 wrote to memory of 332	1432	1792537e07216fd16285318e71a4e6d0N.exe	43
PID 2836 wrote to memory of 692	2836	Unicorn-55524.exe	44
PID 2836 wrote to memory of 692	2836	Unicorn-55524.exe	44
PID 2836 wrote to memory of 692	2836	Unicorn-55524.exe	44
PID 2836 wrote to memory of 692	2836	Unicorn-55524.exe	44
PID 1496 wrote to memory of 1688	1496	Unicorn-55607.exe	45
PID 1496 wrote to memory of 1688	1496	Unicorn-55607.exe	45
PID 1496 wrote to memory of 1688	1496	Unicorn-55607.exe	45
PID 1496 wrote to memory of 1688	1496	Unicorn-55607.exe	45

C:\Users\Admin\AppData\Local\Temp\1792537e07216fd16285318e71a4e6d0N.exe
"C:\Users\Admin\AppData\Local\Temp\1792537e07216fd16285318e71a4e6d0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13204.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
        8⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63210.exe
        9⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
        9⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12612.exe
        9⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55466.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        8⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30237.exe
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19316.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62589.exe
        7⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
        7⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45907.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        7⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57148.exe
        7⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        7⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53468.exe
        6⤵
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32722.exe
        6⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50249.exe
        6⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45085.exe
        6⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9669.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
        7⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7203.exe
        7⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56733.exe
        6⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
        7⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
        6⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        6⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        6⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61341.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        6⤵
        
        PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
        6⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
        7⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47386.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
        6⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe
        6⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50542.exe
        5⤵
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38351.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
        5⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65459.exe
        5⤵
        
        PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3557.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60781.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15254.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13853.exe
        9⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        9⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9722.exe
        9⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        8⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47185.exe
        8⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        8⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45057.exe
        7⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
        7⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
        7⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        7⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52335.exe
        7⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
        6⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        7⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1868.exe
        7⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        6⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58364.exe
        6⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 188
        7⤵
        Program crash
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21870.exe
        6⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        6⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21071.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
        6⤵
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
        6⤵
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
        6⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe
        6⤵
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53468.exe
        5⤵
        
        PID:896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
        5⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1733.exe
        5⤵
        
        PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15665.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        6⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        7⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        6⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        6⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
        6⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        6⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
        5⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
        6⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
        6⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16909.exe
        6⤵
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
        5⤵
        
        PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        5⤵
        
        PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
        5⤵
        
        PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60516.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        5⤵
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
        6⤵
        
        PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-323.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
        5⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        5⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        5⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        5⤵
        
        PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
      4⤵
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65011.exe
        5⤵
        
        PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12617.exe
      4⤵
      PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37062.exe
      4⤵
      PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43180.exe
      4⤵
      PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
      4⤵
      PID:6592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35658.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54320.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7834.exe
        8⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18217.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36002.exe
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
        7⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        6⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31658.exe
        7⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        6⤵
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56994.exe
        6⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        6⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
        6⤵
        
        PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1637.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
        6⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26028.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41351.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        7⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53215.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
        7⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        6⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62954.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        6⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24665.exe
        6⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
        5⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36074.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
        6⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        5⤵
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
        5⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
        5⤵
        
        PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36400.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        6⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
        7⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        7⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        6⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        6⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
        6⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        5⤵
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18141.exe
        6⤵
        
        PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        5⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
        5⤵
        
        PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52897.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54040.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42925.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
        6⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39875.exe
        6⤵
        
        PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        5⤵
        
        PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62452.exe
        5⤵
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        5⤵
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe
        5⤵
        
        PID:6464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
      4⤵
      PID:628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 220
        5⤵
        Program crash
        
        PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
      4⤵
      PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
      4⤵
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57524.exe
      4⤵
      PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
      4⤵
      PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25469.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59027.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        6⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        7⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
        7⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9669.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        6⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        6⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
        6⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        5⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8524.exe
        6⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        5⤵
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        5⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        5⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36533.exe
        5⤵
        
        PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29209.exe
        5⤵
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        5⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9732.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe
        5⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19538.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
      4⤵
      PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55380.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
      4⤵
      PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5241.exe
      4⤵
      PID:6996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38415.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        5⤵
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50911.exe
        6⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        6⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        6⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47913.exe
        6⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22713.exe
        5⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        5⤵
        
        PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        5⤵
        
        PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
      4⤵
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        5⤵
        
        PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
      4⤵
      PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
      4⤵
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
      4⤵
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
      4⤵
      PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
      4⤵
      PID:6516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
      4⤵
      PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28680.exe
        5⤵
        
        PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53686.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        5⤵
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
        5⤵
        
        PID:6896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
      4⤵
      PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
      4⤵
      PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
      4⤵
      PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35274.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
      4⤵
      PID:7012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16623.exe
    3⤵
    PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52089.exe
      4⤵
      PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
      4⤵
      PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
      4⤵
      PID:6388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5023.exe
    3⤵
    PID:3996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
    3⤵
    PID:4836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
    3⤵
    PID:5280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
    3⤵
    PID:5172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23018.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57574.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2426.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        8⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        8⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        8⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59550.exe
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        7⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13721.exe
        7⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
        6⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59079.exe
        7⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        7⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
        6⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        6⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
        6⤵
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        6⤵
        Executes dropped EXE
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1606.exe
        7⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        7⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2737.exe
        6⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-323.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        6⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
        5⤵
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64019.exe
        6⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        6⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        6⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        6⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31399.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58497.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58894.exe
        5⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9237.exe
        5⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        5⤵
        
        PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44761.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47735.exe
        6⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        7⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        7⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36454.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17946.exe
        6⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        6⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        6⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13539.exe
        6⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5311.exe
        5⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
        6⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
        6⤵
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25154.exe
        5⤵
        
        PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25506.exe
        5⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe
        5⤵
        
        PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18387.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33921.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        6⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        6⤵
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9722.exe
        6⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        5⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        5⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
        5⤵
        
        PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14989.exe
      4⤵
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
        5⤵
        
        PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
      4⤵
      PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
      4⤵
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
      4⤵
      PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
      4⤵
      PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
      4⤵
      PID:6912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64626.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
        6⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6453.exe
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe
        7⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
        6⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55466.exe
        6⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        6⤵
        
        PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
        5⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
        6⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37267.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23164.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        6⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        5⤵
        
        PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37363.exe
        5⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46880.exe
        5⤵
        
        PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
        5⤵
        
        PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33921.exe
        5⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15909.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
        6⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
        6⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        5⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        5⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
        5⤵
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29570.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        5⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        5⤵
        
        PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
      4⤵
      PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8912.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58894.exe
      4⤵
      PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe
      4⤵
      PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10119.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56733.exe
        5⤵
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
        6⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        6⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        6⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        6⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
        5⤵
        
        PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
        5⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        5⤵
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19522.exe
        5⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45085.exe
        5⤵
        
        PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27869.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        5⤵
        
        PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11004.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        5⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        5⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        5⤵
        
        PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
      4⤵
      PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58364.exe
      4⤵
      PID:4940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 188
        5⤵
        Program crash
        
        PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44428.exe
      4⤵
      PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
      4⤵
      PID:6304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14138.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
      4⤵
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52316.exe
        5⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        5⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        5⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
        5⤵
        
        PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
      4⤵
      PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55466.exe
      4⤵
      PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34321.exe
      4⤵
      PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
      4⤵
      PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
      4⤵
      PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
      4⤵
      PID:6352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
    3⤵
    PID:2912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
    3⤵
    PID:3988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37363.exe
    3⤵
    PID:4744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
    3⤵
    PID:5260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
    3⤵
    PID:5484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30200.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51051.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14818.exe
        6⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe
        6⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        6⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
        6⤵
        
        PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        5⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34113.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58364.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 188
        6⤵
        Program crash
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        5⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        5⤵
        
        PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22445.exe
      4⤵
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
        5⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17943.exe
        6⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        6⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        6⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
        6⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        5⤵
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47386.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49516.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52236.exe
        5⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53310.exe
        5⤵
        
        PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33246.exe
      4⤵
      PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23890.exe
      4⤵
      PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
      4⤵
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18629.exe
      4⤵
      PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
      4⤵
      PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
      4⤵
      PID:6948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe
        5⤵
        
        PID:984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        5⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
        5⤵
        
        PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6868.exe
      4⤵
      PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
      4⤵
      PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8209.exe
      4⤵
      PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
      4⤵
      PID:6164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
      4⤵
      PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13121.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53686.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
      4⤵
      PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe
      4⤵
      PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
      4⤵
      PID:6936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20438.exe
    3⤵
    PID:1676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
    3⤵
    PID:3256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34350.exe
    3⤵
    PID:4172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
    3⤵
    PID:4956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
    3⤵
    PID:5840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51618.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12939.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12939.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51051.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
        5⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        5⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        5⤵
        
        PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
      4⤵
      PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26856.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
      4⤵
      PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
      4⤵
      PID:5864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
      4⤵
      PID:6660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59774.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
      4⤵
      PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
      4⤵
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21506.exe
      4⤵
      PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe
      4⤵
      PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
      4⤵
      PID:6904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
    3⤵
    PID:2272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe
    3⤵
    PID:3580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
    3⤵
    PID:4752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
    3⤵
    PID:5464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
    3⤵
    PID:6156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18379.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
      4⤵
      PID:380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
      4⤵
      PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37267.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
      4⤵
      PID:6884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
    3⤵
    PID:1976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63722.exe
    3⤵
    PID:3880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
    3⤵
    PID:3984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
    3⤵
    PID:5796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
    3⤵
    PID:6416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
    3⤵
    PID:4904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34321.exe
    3⤵
    PID:5584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
    3⤵
    PID:6280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51198.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51198.exe
  2⤵
  PID:892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3056.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3056.exe
  2⤵
  PID:3164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
  2⤵
  PID:4120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6400.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6400.exe
  2⤵
  PID:4768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
  2⤵
  PID:5720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
  2⤵
  PID:6360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe

Filesize
468KB

MD5
3eeca6a2fe7174c7ac2e89087f05d1b5

SHA1
f32466c0b23dfa4ef01181d79bd67d1cd94e4706

SHA256
1257d0c75eaf16d0532916cb5cbacc601693066a7441267a0567a150c23ba77e

SHA512
9deea9b9ac5a7efcc059f670f4a0c849939bbf67b843f4126b1b44c50742b2378dbf77c05694cdeeb5ed9d6a17863d0b8c3d9258dfcca887d37614c53bae4a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe

Filesize
468KB

MD5
285d80f88a75236553dd15fb66df9b6d

SHA1
d555bf3020183b9cadf0187d1d9789c4dfbd822e

SHA256
755070e0cbcf963b4928fb8b500655801dfe61ac92e82a362924ca51dc40421d

SHA512
88c5c5432d729d3782ef2e8ea4e544f0c6c2a2b2ac6920c868443745b8fcf2dccb924a72cf5554b53f24bc1500e81ea9341b4fc315f0adf0b17effd7fbcba344

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23018.exe

Filesize
468KB

MD5
27adc4461bfd82683f506881f02fc4e6

SHA1
6afa7d28c15041ad91fa9c6b50b9c5241fa9c309

SHA256
63a4e4d973ed3838e76a918f2a09e356b3ce239318599f182cd353ddebffca65

SHA512
599fe151c74d724c7f83674d3812310c437d74c50e48bc50cb8720f94cc5bb8c81dac823f385b28502ffe80c6b96773182ae79e9e96ee7ab56e536b80614e481

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35658.exe

Filesize
468KB

MD5
f7f798637f76bd7f82cbd78a9797926c

SHA1
32fba707e8687f63b8ec20a514c5f17f49e2c61d

SHA256
08bfa1bc922539840c9bb0fb42bd05d1a225ab7909717cf2181cad9e83cb9469

SHA512
4d39b28529c529dce29f039430f3c9845f1819f13ab0c310c536cb0e12563d32ecc32fc2b7584ecd668bff8d625936917795fc4c0b8130d8a5833bb16271d85c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe

Filesize
468KB

MD5
31ee0b0d64e83baeda6c2fa5a717b43f

SHA1
b6485214d3c0f71ee9af994801779537a7268df3

SHA256
9ae7e7c1ad250efcfaac767eed316d34dca06a884cef52bfda6521aaf4a55348

SHA512
bb89fbce74da329cb9265af0b9733006feaa2f55ba8b9ae108142f1db618882cc77fba4b441e1e89c83534f3930f4ef508a8ac008ada91e40a06ccd44b6ecfc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe

Filesize
468KB

MD5
aa9b3b291865bf96711aed3f4505b4f0

SHA1
6d1036736cc794f17062327692c9d7fab9b1a89c

SHA256
a79e4f6bd60fe7a3f073da707d9953c175ad363373729f9937712e64fbf08e0b

SHA512
c75fc242869a6a1c887b643c41ed5f95f966e33b4c21a8083c6ae7f3b61a192248695f4353f0a422fd4a2879ef8c12204dc622629e6960424094c0628490dec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe

Filesize
468KB

MD5
e1676b221700241edd77bd2be65b654a

SHA1
93e98a8fa0758f4a9806b313d347797fbd7ea5ff

SHA256
c381ed54414e5cb14634d6d0e90bbed9d06bfb297545fbc13f4d85344dcfc969

SHA512
3e17c5e892a0f7349226df2d4bfa79818316f6af958e9a1cdb98d342f1941d5657ab4773be5d673053e46f014ceb663e69a8158591e8eca31b87a5f152110bee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe

Filesize
468KB

MD5
53a1864a07df24f1e2a414f367e29def

SHA1
7d04f3537646430d87832ec11e23427369626c54

SHA256
4b871b8a898c75fd262b895cba76bd5cb9a9f9c50dac1d041fbb4cc70f1944e1

SHA512
d5cb566b66d779a343ee7b98b532bdd372f459ecc25a3f6503230a52ae98cf75de8f2de09990031b220521cf2f5cb570f17b20a0f7ec07f657513a4a9876ba4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12939.exe

Filesize
468KB

MD5
f2bb60d5061cef545e2b3ed6234b1e2f

SHA1
8ab7b2db6a846f4744509bbab6406a7b4c3e518b

SHA256
47126dc5b9b48ec6c5a352289ff5273ef15fd15795e26a5ba92343dd9856a662

SHA512
689ef6a5e48e74b70c6091904f0895b55fe604b575120244058a0d681c34f7267bb01d4e53dcc832a8da3ed2252291199eb73df069a6a39100aa620d5c3d8492

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13204.exe

Filesize
468KB

MD5
2136574ee5e94aa608a31b1102647293

SHA1
fb75297df236cf3449ed473dc7681811942ddaf2

SHA256
da2b5427b83dbab4d84b6a4abe885a29c324c149927d1f5a48ff9374373983d7

SHA512
1f28ec6f80265b9fbd3c50238308cb5739ba49987abeeea92a2c6a6a85a96fae667e79c41decd3d71853e246992cf92abc7a241ec767a60bc558f9076a996817

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe

Filesize
468KB

MD5
331a6a32381644ba3f4c4b765acab159

SHA1
e3d2b1957909fc48a27d12549378606650340e90

SHA256
dc674ca0d61a1a7b914ae559b52c479866137c473ccf2b199205149181e3ac48

SHA512
373cfdbb2b69e78c1a685825ff8849dc88915bd948e182ae9f3fbae8d944b14e5be04f6b1e175805eb5d6a555674dd9e9d5fd4841c1906a4fb8ebc3b7d0fb2d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe

Filesize
468KB

MD5
511a32c34add1228bc34311594aad535

SHA1
19684c0049b2a3c2844d81affe32c98cad96148b

SHA256
1fa2f45242250476f168c79f40d0fcc70ee4defa50d2ec53416878993dcaab49

SHA512
51c3bd440347ca36cd9a74a21aed637b3d0312db55afea1e95468ca2911393a440c575d8a20567b68897a42af3ac9af32843c0e3bc63904b8983ffd6e94e0285

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44761.exe

Filesize
468KB

MD5
60740bc838e72a6e230bac776debb21d

SHA1
bce7f940b196fd20e97af4ef72e76456430b9fd1

SHA256
13c70fdf316ae1fea59be60df8eb8c887c2bb96a5710509163e61707f4fcf5cd

SHA512
bec170580da675251f6a33916d7b1b549b8729faeba9b286ae3ce9da2f4c069a9edbb26b4944680fb1a373c0da9bf72b61b88cd72754a230472483d9fe4ba2aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe

Filesize
468KB

MD5
203ba3f2b80c3b82159b4455c12741f8

SHA1
188b8c9f73c16cb592d9391ba0b23f563d6f0660

SHA256
9b9d206b1e2d89a784981c02e01b628108391bab7d4085ca19aaf3e4271b68c2

SHA512
ff8a3de579a08d9842d48e73d0612eb525ef7812a1fd158b113f08dbd0382fed3bd80037ebb960f22504adae6e5b9ed47a547373a53190ac8d14aca078d0f73d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe

Filesize
468KB

MD5
1a741b307ece6d04ba3c991fdba41ac9

SHA1
ea0f4f17f122bcbc922956fa65e5b8715b5c22d5

SHA256
1d83d67121d2c17dea96c04987e2fcee97a250d545d6dfbab816975a71ecd88f

SHA512
28d7eb4de7260573f4f65db0da400c1343b97511271f4a1bf23a407e1a8834563a587e5d4294ab53cf09467049ffa96334de3e2e6355a1c5803edc78460fa729

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe

Filesize
468KB

MD5
6b51a478e459575a61f4c857cff88455

SHA1
2b9f01cbea6292ff44a6ec14a934580e908d23cb

SHA256
83dbfd9e3fd70a8bfa39dc51b186a22ea41111230f6030dbf4dce8a36a7a0f11

SHA512
f847f6f9007147ead9a57d479215bcc12ce3ac79f12f938d6e9d19c2deed8c49b4ed50f2f13ed5134133eda612d8979d6fd31f5bd55c988ce44608e1ca0d732d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe

Filesize
468KB

MD5
610c015b3e277d1c51a6f4e6a16d6298

SHA1
0a5bd428c734195037a4aa434cfab7df90d5bce6

SHA256
c5d97898ea7c30d8db8ca6cd450a4e4b875b2d5cb4304a319c5ba40d1b97dfb6

SHA512
a26aaf47f5e12c2766f5f25c9da7fe20b1ca01b44ba4d3e9734affe994bc256fde38145810991c258214fc781a9a979736fec7400bc7f7150e1a8d958044e76a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe

Filesize
468KB

MD5
b9e540fdc61db39951d0c4652d29276b

SHA1
2305d47767394a6c16026584598823b01401ceaf

SHA256
cc117c719387899d6fdc38531ceb1ecd3965a9b11d6bb904d077069162d57448

SHA512
41f67d3746b94af25a7d95f9f3085258f361b36ccedc9bb44a885dc2097761410627c366d7cd0cb51c89bd446f320c0d42b312266007432079520e24b6ee1c37

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe

Filesize
468KB

MD5
2e75b275c781fd4d5313094de9b6d60e

SHA1
d0ca50cd287cf8e6cb4c28cab354ce20dbe23469

SHA256
cf4fa30e06ecf9dcd3aad3148bca9b0cdfe1006a0ffd478b0016f075c1591cb7

SHA512
347c756c79283d8675603adf56a43c5eaada95de640e219ca88c91ecaa173d946b075f99ced0fecfd396556e1e68480b981228babccc5d393f410a51ab103052

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe

Filesize
468KB

MD5
71909eb8b5acbb4087d9632b2d97c78a

SHA1
895724f5679fac78769ccdae133800f285b6caff

SHA256
7bf032d6ae7a5a55150090d2bdcd12aeeb861c5c2c96065794cb05d7d9badd04

SHA512
9a7a59a3b5ccc52125945d31f2ec88791724ee59212316768f5146d7ccb407972e83535306dbb105551ba9c053541db422e3d24df4315df4c30596c67c0c6dd2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64626.exe

Filesize
468KB

MD5
93347dbfe43262c33034755d37c06df2

SHA1
f0f3fbd7c73a06b55bfe9a391de0575226494fbd

SHA256
ac524766ec530558d6ea995487dadea10afd0a40df4a05898db17367f6338f2e

SHA512
9fb7278dff1adc9b0dfba17fa2735bb24a4189d637854a21347c424938cfac44af429a67063195049ffb3f502200d65edba07b276a878da3a55b99201f9ae312

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe

Filesize
468KB

MD5
276cf91806df4db313896bff49cb9506

SHA1
e594d5b0d32e136ba85d318bc37be990aebfb82e

SHA256
cff7ab7dc7ca187920e9e5e08471005b78b3a13a7b5ed5ccbc615801478695e3

SHA512
a777a1f7c1b8a0c5bfe3654bdb826896a3aa5c833f1c3a31fb048b0455599f2e22e1a650825b6078c6f4d08c77aa1626d6d6ffff9283c33f7e4b66265b5223f6

Download Submit