b8365b9d58af6df9d4f1b20c6e8714e3156ad5474a5b61edc7e6efcdded92942

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76e0c9c1fa1b660d61b0c93a4ad03b60N.exe
Size

468KB
MD5

76e0c9c1fa1b660d61b0c93a4ad03b60
SHA1

8eebefd9f84722f7bd8cfd6a873b3bd5b2e3df1c
SHA256

b8365b9d58af6df9d4f1b20c6e8714e3156ad5474a5b61edc7e6efcdded92942
SHA512

54d1de395bd284f7e3bf84bf6446ee9a56737e5ec34b904121f3d869c1fdeef46a6d87465491675ff5e4dffe05d7483e29c7e858601b912f51824e9ce0b40cb8
SSDEEP

3072:nu0VogWGII5AtGYJzYITff8wFCWCIppIJEHCYV1udqDLgJ3u1vlj:nueoJIAtVzVTff9fKjdqHM3u1

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2300	Unicorn-37901.exe
2316	Unicorn-51305.exe
1056	Unicorn-713.exe
2784	Unicorn-16350.exe
2832	Unicorn-10219.exe
2164	Unicorn-42992.exe
2584	Unicorn-4652.exe
2660	Unicorn-47159.exe
3040	Unicorn-60158.exe
1824	Unicorn-53381.exe
2608	Unicorn-41129.exe
2876	Unicorn-34998.exe
2284	Unicorn-46344.exe
2724	Unicorn-35218.exe
1028	Unicorn-672.exe
2060	Unicorn-44227.exe
2180	Unicorn-44974.exe
1248	Unicorn-5908.exe
872	Unicorn-44895.exe
1700	Unicorn-46941.exe
1384	Unicorn-12130.exe
336	Unicorn-51388.exe
112	Unicorn-4325.exe
2288	Unicorn-63085.exe
2516	Unicorn-63085.exe
2972	Unicorn-2187.exe
2088	Unicorn-22053.exe
2188	Unicorn-38481.exe
2152	Unicorn-51637.exe
1796	Unicorn-47056.exe
2116	Unicorn-3469.exe
912	Unicorn-54708.exe
2980	Unicorn-51108.exe
1620	Unicorn-4600.exe
1864	Unicorn-59276.exe
1724	Unicorn-64107.exe
2632	Unicorn-26604.exe
1856	Unicorn-42483.exe
2788	Unicorn-42748.exe
2800	Unicorn-39218.exe
2644	Unicorn-39218.exe
2656	Unicorn-38664.exe
2844	Unicorn-38664.exe
2532	Unicorn-28934.exe
2540	Unicorn-28934.exe
2596	Unicorn-53530.exe
2552	Unicorn-39794.exe
2388	Unicorn-50101.exe
2856	Unicorn-345.exe
1688	Unicorn-80.exe
2884	Unicorn-4792.exe
1988	Unicorn-2099.exe
2768	Unicorn-40994.exe
380	Unicorn-21128.exe
2440	Unicorn-40994.exe
2576	Unicorn-10459.exe
1912	Unicorn-50531.exe
1400	Unicorn-8413.exe
2380	Unicorn-52676.exe
1932	Unicorn-34855.exe
984	Unicorn-41631.exe
1636	Unicorn-55275.exe
1596	Unicorn-39685.exe
1668	Unicorn-59551.exe

Loads dropped DLL 64 IoCs

pid	Process
1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe
1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe
2300	Unicorn-37901.exe
2300	Unicorn-37901.exe
1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe
1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe
1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe
1056	Unicorn-713.exe
1056	Unicorn-713.exe
1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe
2316	Unicorn-51305.exe
2316	Unicorn-51305.exe
2300	Unicorn-37901.exe
2300	Unicorn-37901.exe
2784	Unicorn-16350.exe
2784	Unicorn-16350.exe
1056	Unicorn-713.exe
1056	Unicorn-713.exe
2584	Unicorn-4652.exe
2584	Unicorn-4652.exe
2164	Unicorn-42992.exe
2300	Unicorn-37901.exe
2164	Unicorn-42992.exe
2300	Unicorn-37901.exe
2316	Unicorn-51305.exe
1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe
2832	Unicorn-10219.exe
2316	Unicorn-51305.exe
1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe
2832	Unicorn-10219.exe
2660	Unicorn-47159.exe
2784	Unicorn-16350.exe
2660	Unicorn-47159.exe
2784	Unicorn-16350.exe
3040	Unicorn-60158.exe
3040	Unicorn-60158.exe
1056	Unicorn-713.exe
1056	Unicorn-713.exe
1028	Unicorn-672.exe
1824	Unicorn-53381.exe
1028	Unicorn-672.exe
1824	Unicorn-53381.exe
2832	Unicorn-10219.exe
2832	Unicorn-10219.exe
2584	Unicorn-4652.exe
2584	Unicorn-4652.exe
2284	Unicorn-46344.exe
2608	Unicorn-41129.exe
2284	Unicorn-46344.exe
2608	Unicorn-41129.exe
2164	Unicorn-42992.exe
2876	Unicorn-34998.exe
2164	Unicorn-42992.exe
2876	Unicorn-34998.exe
2316	Unicorn-51305.exe
2316	Unicorn-51305.exe
2300	Unicorn-37901.exe
2300	Unicorn-37901.exe
1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe
1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe
2180	Unicorn-44974.exe
2180	Unicorn-44974.exe
2784	Unicorn-16350.exe
2784	Unicorn-16350.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
448	2532	WerFault.exe	74
2716	2540	WerFault.exe	75
4664	3652	WerFault.exe	291

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-80.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48528.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe
2300	Unicorn-37901.exe
1056	Unicorn-713.exe
2316	Unicorn-51305.exe
2784	Unicorn-16350.exe
2832	Unicorn-10219.exe
2164	Unicorn-42992.exe
2584	Unicorn-4652.exe
2660	Unicorn-47159.exe
3040	Unicorn-60158.exe
1824	Unicorn-53381.exe
2608	Unicorn-41129.exe
2724	Unicorn-35218.exe
2284	Unicorn-46344.exe
2876	Unicorn-34998.exe
1028	Unicorn-672.exe
2180	Unicorn-44974.exe
2060	Unicorn-44227.exe
1248	Unicorn-5908.exe
872	Unicorn-44895.exe
1700	Unicorn-46941.exe
112	Unicorn-4325.exe
1384	Unicorn-12130.exe
2288	Unicorn-63085.exe
336	Unicorn-51388.exe
2088	Unicorn-22053.exe
2516	Unicorn-63085.exe
2972	Unicorn-2187.exe
2188	Unicorn-38481.exe
2152	Unicorn-51637.exe
1796	Unicorn-47056.exe
2116	Unicorn-3469.exe
2980	Unicorn-51108.exe
912	Unicorn-54708.exe
1620	Unicorn-4600.exe
1864	Unicorn-59276.exe
1724	Unicorn-64107.exe
2632	Unicorn-26604.exe
1856	Unicorn-42483.exe
2788	Unicorn-42748.exe
2644	Unicorn-39218.exe
2800	Unicorn-39218.exe
2844	Unicorn-38664.exe
2656	Unicorn-38664.exe
2540	Unicorn-28934.exe
2532	Unicorn-28934.exe
2596	Unicorn-53530.exe
2552	Unicorn-39794.exe
2388	Unicorn-50101.exe
2856	Unicorn-345.exe
1688	Unicorn-80.exe
2884	Unicorn-4792.exe
1988	Unicorn-2099.exe
380	Unicorn-21128.exe
2768	Unicorn-40994.exe
2440	Unicorn-40994.exe
2576	Unicorn-10459.exe
1912	Unicorn-50531.exe
1400	Unicorn-8413.exe
2380	Unicorn-52676.exe
984	Unicorn-41631.exe
1932	Unicorn-34855.exe
1636	Unicorn-55275.exe
1596	Unicorn-39685.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 2300	1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe	31
PID 1172 wrote to memory of 2300	1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe	31
PID 1172 wrote to memory of 2300	1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe	31
PID 1172 wrote to memory of 2300	1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe	31
PID 2300 wrote to memory of 2316	2300	Unicorn-37901.exe	32
PID 2300 wrote to memory of 2316	2300	Unicorn-37901.exe	32
PID 2300 wrote to memory of 2316	2300	Unicorn-37901.exe	32
PID 2300 wrote to memory of 2316	2300	Unicorn-37901.exe	32
PID 1172 wrote to memory of 1056	1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe	33
PID 1172 wrote to memory of 1056	1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe	33
PID 1172 wrote to memory of 1056	1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe	33
PID 1172 wrote to memory of 1056	1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe	33
PID 1056 wrote to memory of 2784	1056	Unicorn-713.exe	35
PID 1056 wrote to memory of 2784	1056	Unicorn-713.exe	35
PID 1056 wrote to memory of 2784	1056	Unicorn-713.exe	35
PID 1056 wrote to memory of 2784	1056	Unicorn-713.exe	35
PID 1172 wrote to memory of 2832	1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe	34
PID 1172 wrote to memory of 2832	1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe	34
PID 1172 wrote to memory of 2832	1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe	34
PID 1172 wrote to memory of 2832	1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe	34
PID 2316 wrote to memory of 2164	2316	Unicorn-51305.exe	36
PID 2316 wrote to memory of 2164	2316	Unicorn-51305.exe	36
PID 2316 wrote to memory of 2164	2316	Unicorn-51305.exe	36
PID 2316 wrote to memory of 2164	2316	Unicorn-51305.exe	36
PID 2300 wrote to memory of 2584	2300	Unicorn-37901.exe	37
PID 2300 wrote to memory of 2584	2300	Unicorn-37901.exe	37
PID 2300 wrote to memory of 2584	2300	Unicorn-37901.exe	37
PID 2300 wrote to memory of 2584	2300	Unicorn-37901.exe	37
PID 2784 wrote to memory of 2660	2784	Unicorn-16350.exe	38
PID 2784 wrote to memory of 2660	2784	Unicorn-16350.exe	38
PID 2784 wrote to memory of 2660	2784	Unicorn-16350.exe	38
PID 2784 wrote to memory of 2660	2784	Unicorn-16350.exe	38
PID 1056 wrote to memory of 3040	1056	Unicorn-713.exe	39
PID 1056 wrote to memory of 3040	1056	Unicorn-713.exe	39
PID 1056 wrote to memory of 3040	1056	Unicorn-713.exe	39
PID 1056 wrote to memory of 3040	1056	Unicorn-713.exe	39
PID 2584 wrote to memory of 1824	2584	Unicorn-4652.exe	40
PID 2584 wrote to memory of 1824	2584	Unicorn-4652.exe	40
PID 2584 wrote to memory of 1824	2584	Unicorn-4652.exe	40
PID 2584 wrote to memory of 1824	2584	Unicorn-4652.exe	40
PID 2164 wrote to memory of 2608	2164	Unicorn-42992.exe	41
PID 2164 wrote to memory of 2608	2164	Unicorn-42992.exe	41
PID 2164 wrote to memory of 2608	2164	Unicorn-42992.exe	41
PID 2164 wrote to memory of 2608	2164	Unicorn-42992.exe	41
PID 2300 wrote to memory of 2876	2300	Unicorn-37901.exe	42
PID 2300 wrote to memory of 2876	2300	Unicorn-37901.exe	42
PID 2300 wrote to memory of 2876	2300	Unicorn-37901.exe	42
PID 2300 wrote to memory of 2876	2300	Unicorn-37901.exe	42
PID 2316 wrote to memory of 2284	2316	Unicorn-51305.exe	43
PID 2316 wrote to memory of 2284	2316	Unicorn-51305.exe	43
PID 2316 wrote to memory of 2284	2316	Unicorn-51305.exe	43
PID 2316 wrote to memory of 2284	2316	Unicorn-51305.exe	43
PID 1172 wrote to memory of 2724	1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe	44
PID 1172 wrote to memory of 2724	1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe	44
PID 1172 wrote to memory of 2724	1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe	44
PID 1172 wrote to memory of 2724	1172	76e0c9c1fa1b660d61b0c93a4ad03b60N.exe	44
PID 2832 wrote to memory of 1028	2832	Unicorn-10219.exe	45
PID 2832 wrote to memory of 1028	2832	Unicorn-10219.exe	45
PID 2832 wrote to memory of 1028	2832	Unicorn-10219.exe	45
PID 2832 wrote to memory of 1028	2832	Unicorn-10219.exe	45
PID 2660 wrote to memory of 2060	2660	Unicorn-47159.exe	46
PID 2660 wrote to memory of 2060	2660	Unicorn-47159.exe	46
PID 2660 wrote to memory of 2060	2660	Unicorn-47159.exe	46
PID 2660 wrote to memory of 2060	2660	Unicorn-47159.exe	46

C:\Users\Admin\AppData\Local\Temp\76e0c9c1fa1b660d61b0c93a4ad03b60N.exe
"C:\Users\Admin\AppData\Local\Temp\76e0c9c1fa1b660d61b0c93a4ad03b60N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51305.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37355.exe
        7⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1465.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        8⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13862.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        7⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        7⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        7⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        7⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        7⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        7⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
        6⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        6⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        6⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        6⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2187.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        7⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        7⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        7⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
        6⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51674.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
        7⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        7⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32907.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7330.exe
        6⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe
        6⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        6⤵
        
        PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        6⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        6⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        6⤵
        
        PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33568.exe
        5⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        6⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        6⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        6⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
        5⤵
        
        PID:980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46258.exe
        5⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
        5⤵
        
        PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40819.exe
        5⤵
        
        PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 200
        7⤵
        Program crash
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25891.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        6⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        6⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        6⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
        6⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        7⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        7⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        7⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        7⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2841.exe
        6⤵
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57316.exe
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57636.exe
        6⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
        5⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        6⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49935.exe
        6⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        5⤵
        
        PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        5⤵
        
        PID:3652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 188
        6⤵
        Program crash
        
        PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
        5⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        5⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
        5⤵
        
        PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 200
        6⤵
        Program crash
        
        PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        5⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25891.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        5⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        5⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        5⤵
        
        PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-80.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-80.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36329.exe
        5⤵
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        5⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        5⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        5⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        5⤵
        
        PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
      4⤵
      PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57319.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
      4⤵
      PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
      4⤵
      PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40819.exe
      4⤵
      PID:6240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4652.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42748.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        7⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        8⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        8⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        7⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        7⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        6⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44305.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        7⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
        7⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57182.exe
        7⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
        6⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        6⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        6⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        6⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        6⤵
        
        PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39218.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
        6⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
        7⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        7⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
        7⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        7⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        6⤵
        
        PID:328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50824.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29571.exe
        6⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        6⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
        5⤵
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
        6⤵
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        6⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        6⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32857.exe
        5⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35826.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
        6⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        6⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30107.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39356.exe
        5⤵
        
        PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4325.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55296.exe
        6⤵
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        6⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1465.exe
        6⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        6⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37568.exe
        5⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        5⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        5⤵
        
        PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
      4⤵
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36380.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        5⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        5⤵
        
        PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3383.exe
      4⤵
      PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64437.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34998.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        6⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56220.exe
        7⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        6⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        6⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        5⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
        6⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        6⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43603.exe
        5⤵
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62483.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        5⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        5⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        5⤵
        
        PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        5⤵
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
        6⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6827.exe
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        5⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        5⤵
        
        PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
      4⤵
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        5⤵
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56618.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57316.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57636.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
      4⤵
      PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47666.exe
      4⤵
      PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10072.exe
      4⤵
      PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
      4⤵
      PID:6428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21581.exe
        5⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        6⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        6⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
        6⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        5⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        5⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
        5⤵
        
        PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        5⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        5⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        5⤵
        
        PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
      4⤵
      PID:484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
      4⤵
      PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
      4⤵
      PID:5832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52676.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
      4⤵
      PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
      4⤵
      PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
      4⤵
      PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
      4⤵
      PID:6596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20100.exe
    3⤵
    PID:320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
    3⤵
    PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
      4⤵
      PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34792.exe
      4⤵
      PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
      4⤵
      PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
      4⤵
      PID:6320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
    3⤵
    PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
    3⤵
    PID:5988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47159.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44227.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51108.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
        8⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
        9⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56220.exe
        9⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        8⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
        8⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
        8⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
        7⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56618.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57316.exe
        7⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
        7⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        7⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        7⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        7⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        6⤵
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        6⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        6⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
        6⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        7⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        7⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27620.exe
        6⤵
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42036.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        6⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        6⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        5⤵
        
        PID:1112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
        6⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        7⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
        7⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
        7⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        6⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8634.exe
        6⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
        5⤵
        
        PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29192.exe
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        5⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
        5⤵
        
        PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3469.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34855.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12156.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        7⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32384.exe
        7⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        6⤵
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56618.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        6⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62169.exe
        6⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53277.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        6⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        6⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
        5⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
        5⤵
        
        PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54708.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
        5⤵
        Executes dropped EXE
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe
        6⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28300.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18207.exe
        6⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        6⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        5⤵
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        5⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        5⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        5⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        5⤵
        
        PID:6492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
      4⤵
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        5⤵
        
        PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        5⤵
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        5⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        5⤵
        
        PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28166.exe
      4⤵
      PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe
      4⤵
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46258.exe
      4⤵
      PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
      4⤵
      PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40819.exe
      4⤵
      PID:6224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60158.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5908.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59276.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14434.exe
        6⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        7⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        7⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        7⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        6⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29571.exe
        6⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        6⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        5⤵
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49240.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        6⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        6⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53608.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        5⤵
        
        PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        5⤵
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64227.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60116.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48026.exe
        6⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
        5⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49314.exe
        5⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
        5⤵
        
        PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
      4⤵
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        5⤵
        
        PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58643.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        5⤵
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        5⤵
        
        PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29192.exe
      4⤵
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
      4⤵
      PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
      4⤵
      PID:6408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        5⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51436.exe
        6⤵
        
        PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
        5⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
        5⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        5⤵
        
        PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
      4⤵
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        5⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
        5⤵
        
        PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32201.exe
      4⤵
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
      4⤵
      PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
      4⤵
      PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
      4⤵
      PID:7136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42483.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
      4⤵
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        5⤵
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
        5⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
        5⤵
        
        PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57002.exe
      4⤵
      PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
      4⤵
      PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
      4⤵
      PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
      4⤵
      PID:6436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
    3⤵
    PID:788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59079.exe
      4⤵
      PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
      4⤵
      PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
      4⤵
      PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
      4⤵
      PID:6644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
    3⤵
    PID:2944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24727.exe
    3⤵
    PID:4172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43481.exe
    3⤵
    PID:5784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
    3⤵
    PID:6392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-672.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12130.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2099.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
        6⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        6⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
        7⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
        7⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        6⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        6⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        6⤵
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        6⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        6⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        6⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48346.exe
        5⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6827.exe
        6⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
        5⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
        5⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        5⤵
        
        PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
        5⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        6⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
        6⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
        5⤵
        
        PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
      4⤵
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        5⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63376.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
      4⤵
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
      4⤵
      PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
      4⤵
      PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55241.exe
      4⤵
      PID:5876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51388.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59079.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        6⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        6⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        5⤵
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        5⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        5⤵
        
        PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
      4⤵
      PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
      4⤵
      PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
      4⤵
      PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
      4⤵
      PID:6476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
      4⤵
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
        5⤵
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        5⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        5⤵
        
        PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
      4⤵
      PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25891.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
      4⤵
      PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
      4⤵
      PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
    3⤵
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29203.exe
      4⤵
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        5⤵
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        5⤵
        
        PID:6264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
      4⤵
      PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
      4⤵
      PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
    3⤵
    PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
      4⤵
      PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59676.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
    3⤵
    PID:4272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
    3⤵
    PID:5048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-846.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-846.exe
    3⤵
    PID:1360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39218.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        5⤵
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        5⤵
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        5⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        5⤵
        
        PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12187.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
      4⤵
      PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
      4⤵
      PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
      4⤵
      PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
      4⤵
      PID:6468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
    3⤵
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53277.exe
      4⤵
      PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
      4⤵
      PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
      4⤵
      PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1035.exe
    3⤵
    PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29192.exe
    3⤵
    PID:4208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
    3⤵
    PID:5716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
    3⤵
    PID:6416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47056.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47056.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
      4⤵
      PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
      4⤵
      PID:6636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
    3⤵
    PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
    3⤵
    PID:4628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
    3⤵
    PID:6444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
    3⤵
    PID:4588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
    3⤵
    PID:5328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6694.exe
    3⤵
    PID:6868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
  2⤵
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20569.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
    3⤵
    PID:4256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
    3⤵
    PID:5132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
    3⤵
    PID:5808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
  2⤵
  PID:2432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27082.exe
    3⤵
    PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
    3⤵
    PID:5684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
    3⤵
    PID:2472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62293.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62293.exe
  2⤵
  PID:3688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23592.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23592.exe
  2⤵
  PID:1284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
  2⤵
  PID:5456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
  2⤵
  PID:6252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe

Filesize
468KB

MD5
da447d8c9495b6b6413b3590d830e814

SHA1
fa16c860749c0b5d762a25081abdf2a15b22b65c

SHA256
789f50a669a4553f87b0242916fd536f643dcc7a74093b390b499fcfeebf2bb4

SHA512
6eedaa090e634be2ae490157fb5984975ba07ce6947442ea44301558d00f035d5ddbb633878d33bfca29b193f199c87eea5dbee556bdb4d73490f0b16332f32b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe

Filesize
468KB

MD5
39cded3465776482bdbfc50793d31b69

SHA1
02a2d3b241818f222139c0ef00835f99a5564d36

SHA256
fabfb32798d9dfa49ffbf0ef03f304e2b55cfb09702287897c56c9e8c45edb3a

SHA512
15cd5f893889675156aefab4ce85b44051ec3b9c825a633aa71412e292782a4ef207dea66d29e242bc490efaee90b50d1d23ac6e82ef8473c6d1b00b40f4df77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe

Filesize
468KB

MD5
7569750a147fa7e69ea18ab14e903e20

SHA1
f2f07097c0eb21448aa802af0b4b991037a21395

SHA256
3a7542008a0ea2d3206fff050e06067cf1aece9c3e3f5f2952bef4ffd4aec729

SHA512
16445e81b30a394db2b12f0a96b464b92cdaca37c944705498ee8021669362a4352153df8e8baf753c3e1eacda400878058613b8b102b6c79287c5000269d0f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe

Filesize
468KB

MD5
07a73133bc30f8ff1ffcf9ddb9aac29a

SHA1
28a120957d3b2343102a2fe3b58e625223e2d868

SHA256
1c1eb6d0810bd9badb413f0f4cb4dc6e7ec58308ad2efd6efc44f30f3ed99b65

SHA512
b5fdbd25b4f3dff016f7dadcdf9d4682c9358ed6b42bb672f674aa23d248f76939798e99f0d9bdfbce7095151b0f20b5461f54f8ac2d4f2511fd48c07a941ec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe

Filesize
468KB

MD5
4dd72b24fb69e6c313583787e4cb8efd

SHA1
68d2059ca3cafa5b20e56024eeb1327a2f4b8b40

SHA256
dc7458979cb3b1317342e5769d0ab43d25fed3b6f5501dde132fea3b4fc4333f

SHA512
1495e7bdfe50bc822e3eea5a414e9b70724c1a86e2a94f737ef16a6426456e461faf4e76c1235c2fe58dc5c75c983b965a6b171931ed83b4587b57a9e9286a6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47159.exe

Filesize
468KB

MD5
fe0c1af0d489e0f3cce486081c17f655

SHA1
1d34a88639fc4f564334e64c91cb4fee0bb0b6f3

SHA256
3ef555f8a52bd12aed52a26192156dc1d6232c66024965c2e6c3854538686602

SHA512
510bad75449e4a77511cfc6f29b90f092ca1af67352375a267946513c8dc0143c6782e4afa87de8ecc95f6862c20f9a3d4328e020ae18958809baf96207f75a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51305.exe

Filesize
468KB

MD5
60ade6649e975d79572348824f36abfb

SHA1
bdb396c7bf16de69635eb0d5ac870ecc9cee56e6

SHA256
9a4c0fad4deeb8ba1e830a42607e7cad0b05afd12c8f1ac0b99bbac624651b9b

SHA512
4f1f5ddd6053310973155ecb74f69024b260114b7ea33adf342b8d3ba3a1358080ccda6e5cd9460c797d54e57019d5aed31f86749da29b86de671680a3a0f46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe

Filesize
468KB

MD5
1bdde6a6ebe63fd759e771c91c679038

SHA1
d39fc2136ceb5d13d53402e0e2d36c219550afbc

SHA256
836e6bd6d8f2f35813e3aa8d68902af9b758b525fa6cfb38c926e4abe6b27291

SHA512
17d4f7a6e4770430316283114f16cd5c6a9b2b67a6a530efe7377a9591233cd3ce1258db84443ff6ccf1e275d6bd49c21e53333bb04a442d647a2f525951afc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe

Filesize
468KB

MD5
36a19f6138258fe500b5d43023f95832

SHA1
ca303d50afbec563c9b5c378c4eb2533810eb81a

SHA256
3185736062841252227794169e5410bf27c5ad06d8dcbb3ba8277d55c889d795

SHA512
e23f8eadea40e21ace8d1f8dbd81532fad337c8a12e4efe68e451e6a6fecc5b5f4f187a7c80e31ee06b3835cbe36de5a9e8544ca752c0d629b3470e77d8af30f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe

Filesize
468KB

MD5
eab90fffc934d2ffd8c231975418a957

SHA1
e40fcbef792456c610e003a68c15dc39c63e3af4

SHA256
1181de6ff2bb4abf84ca25b9c4dfcc0861b6807b87869bc7189fac1ff17b2521

SHA512
20d07692da1894fc31be8c40f0c4abb3986bb06e2a43e1869e75d8cd111c91ed29b35c01461d11ffa5942b31f0a9ef0394f09ad4662a9bcc522004740a483f6a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe

Filesize
468KB

MD5
df13b662473d6aed3b20a4b31bfe7638

SHA1
c4a432b73cc9a87e6d31d6c2553108c3e826c3c5

SHA256
ab159e87002ac4a7f3f9aef8ca81ac0be5e9930d6b2194ceef25a79701cd0c27

SHA512
9968fcab7e18a2c0cdaea0defab00b89e377ecae74094763eb6a2ad6ef47d3cc550da94d5ce08d8a2b874b259d8d07dc65368c647e4d4791d53fbf160c5a3f6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34998.exe

Filesize
468KB

MD5
fb95c21fe0e83b2595c6e87aec4d463b

SHA1
23782265d3ecc38fa93d82c9a23438d77d76f9bd

SHA256
737f4f7a3d46d1af929352164e0e50d5be48ce0aafa33242f475c7cd1a73e87a

SHA512
bc3c1dcd5e463cbaf310803f7dbb7631ac08059e70c6e0a3fc029b2045d4391e504839a996b48c1b5874a14f324a40971cd31dc26f1b1fff27bc2b474fd4c3e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe

Filesize
468KB

MD5
aaece4653846a366bcc5ed63b41b6e98

SHA1
7e68d023d2652ad34819ba2e7c7036fc99571e4b

SHA256
44e85364a4bc9d9eadadbcba007f257adc5423b4bb9b9805280fadb8ba8c75e7

SHA512
83939e3aa184261d8b1c24f9f03c6a21f213e0f4cfe535674761ba40366724a64ce97c043e895d6752c4fefb1ee4a87fa52a42195dbf3b7375227237bb8c11ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe

Filesize
468KB

MD5
4c6c0362352121c4e99e50820cdf1f58

SHA1
258d3154534bb0f6d1b2ba0d595a168f07c604b0

SHA256
d8b2b3a356e9571e063f1fd0b21ad6fba9aa5a7a7d7bc1ac84d65a04b68b3270

SHA512
54778a3dbdd374f7b60cf71f53687cd510ad7a12f119a3a0711ad45b856e156095f99410aed62ae11dc29fdb7d97d4afee25d19b0c23b46cf4ebfa68fd4d7a7f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe

Filesize
468KB

MD5
45d19c3ce23a644cc1cd6e5ac1a97d87

SHA1
743e3ca3f542b57f6568d2ecbb70c31115cf063e

SHA256
6e9573dae919546c4398aa1c716d29de04acdf0abfc375a80745efedcc3fea42

SHA512
7d858be3b11575003d909f456f33c4a04de5f05504a42543dace10a754b873409f7505b29314d0ab3285454db40d9eb0ab6711cb9896cea2f1e8ff9385566941

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe

Filesize
468KB

MD5
8684ae96886dc1255b71ac69ed019985

SHA1
944309c88be4a57aa863affd676b5ab4cda50246

SHA256
6e52eaeb0293589ed2f74f4c23311e989ae142db8d95d206c77513b7560c9703

SHA512
11a0a5b9696c274c44a49388847c00af291dd2d22088bd64673db7ff109707e0dc722fe8b5bf5ff9b15b510fa738371f3199ea0bf9d75612dacd7acb67adcacc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44227.exe

Filesize
468KB

MD5
8321cdb17962eeae0343b04fb90cd34d

SHA1
c6a4b9ef4e7fb9585e383fbee541c202488d0e08

SHA256
2d10f832c206e0da53dfc2e209ff526e35d6c39c0257f3b0bb24a6d6281ee13c

SHA512
66a81e0b9133d81b863b14613e3c4bdb4ad6e91145f197ab99693f2fab1bb53d2639234b09787c51b9ef4fd32564d5ae71224884add38f8560cc89d8e6e17cf5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe

Filesize
468KB

MD5
02536a7b4f02c32b9a7c88602b911bfa

SHA1
07b7edb822ce3567fc874843885d227a2a350b88

SHA256
f6dae1a179ce1b0db5b1d317a2a696541af72ee443a1f14626b1cbce35b596de

SHA512
91ea436e69b18719f95ba9f1812b51918a908eb8f3efe2895c615996b16a067879f36f9848662004e5840a6da509bcc29b6b677619a92ab5e2cb8b3cc96bac00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe

Filesize
468KB

MD5
4fe90a4e9e57b4e23a11997c24ee1aba

SHA1
80b097a3c48b305499a31596e529dd73f1b667b6

SHA256
22e3a9b3febc6060dacc9bd93b10bd45e3c1890e3f73490030852193475ba06b

SHA512
cef09b8d466f0b01a5e071de4ec04b8df2a9828b6804a6637ca1c0aacb3a9d87620d0aeaa999db4aefc373880fffb3b420895863f1ab7d6de2e7cd17b6d936ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4652.exe

Filesize
468KB

MD5
f210e90bd4f62edee84cfd5b408cdeb6

SHA1
a742c2380e1fc53012a8b8b9a0b04e5c53754ad6

SHA256
0eab8d1fa6862b68e8c20475462be9ab623e9d5f02a9017aa67512d186e59b5a

SHA512
084d917816c2e4b35f7a5125a06e288f742045189051a2477f749dec63de6fb1f6d62893c44a265625ec410b73c009418b21048f2e936cb47f91c69635ddc4c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe

Filesize
468KB

MD5
96e46787f79f2d3cea26e81d20d834bd

SHA1
aa1ad59ee1fa4b1833206ba7fdd5f447ee10f34a

SHA256
58f6c7f996830cd8b527b6dbdc1b9993c7263d72a2cc6f84d42e701f83f20117

SHA512
8eee839db596eed2d0bc65760505f9126dd57dca49d1b189da863eeafdcd1423effabc054f4a422e43d77e93e25a3728394f7a62a3baad5d384a4d5796d18f94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5908.exe

Filesize
468KB

MD5
bb67e463965af8a0a0c68dfb27443ba4

SHA1
8f9d3f737e41c46c33d6208b4628d9551bf72c27

SHA256
6f19a014888f112a9670f4461d328508a4eb6a5d96c83a76e40aa52a2840cfe2

SHA512
bfdb48f5c3b7eb741f0a78a7f726e1e9008473fa928af5c80b23e19dfb092eb86af2fccfa3e34ec6eba0e3cc313a12b4fe0e13522206055ff644fdaf186eb452

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60158.exe

Filesize
468KB

MD5
e1ceec27bbe24c79ceee16256a5b0285

SHA1
af5e48ec958052e7cff8c53a32433841ee6471d7

SHA256
83939619d5e780d1a5e6707e2c35661d7a5e3da143dce168db0db7bfa6968c18

SHA512
463f11409195c1e4ea49172222c5b9577b31c1d150536d6149f6a04e15aa3d1e70692c22a51d41cacdc377076f4ccd0b9b950c0e27686f041986445e0de36369

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-672.exe

Filesize
468KB

MD5
b8514c59acab06439df5440add89c4e9

SHA1
0667643853661713ca3ff12f98e34e3ae5acdd01

SHA256
065f32c27c03837c3bfb15dc705cd3cfa1eb67b3bb13158f9459738723f868a4

SHA512
118d856dbcb53c56cc32edb700a3a57b8db8d24e891373d9d789918b05aa5486f8bc4ea4e1e35306780acf3e42dcebe741f801724a43b2d6cbd22a42902b07e6

Download Submit