e845e627b1901e14341684d7c191baf4bea98cfd39e0666bc0e70978dcbdea34

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28a4d74e8f849eedffe571abbc442c80N.exe
Size

468KB
MD5

28a4d74e8f849eedffe571abbc442c80
SHA1

701edf8b824cec52b32845706c758126f2302b9c
SHA256

e845e627b1901e14341684d7c191baf4bea98cfd39e0666bc0e70978dcbdea34
SHA512

5adfe15e12cea5eb2389cc4ed9f1ee02202be44c0e902334582ae0b2d74bae7a0e44228937eeaf5c787014c126eeb90781148e4d8b669aa64bb832a7a1400db7
SSDEEP

3072:ab8uorld503YtbY2PzcIffT/ECpZtumpnsH1OVhDbaPaMS/7tjYS:ab1oxOYtBP4Iffrh6kbaiH/7t

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2912	Unicorn-14004.exe
2280	Unicorn-9017.exe
1884	Unicorn-50605.exe
1648	Unicorn-40943.exe
2196	Unicorn-36859.exe
3036	Unicorn-16993.exe
2644	Unicorn-63401.exe
2660	Unicorn-32941.exe
2752	Unicorn-58000.exe
2480	Unicorn-76.exe
2556	Unicorn-56988.exe
112	Unicorn-19794.exe
2512	Unicorn-57253.exe
796	Unicorn-6059.exe
812	Unicorn-32038.exe
2220	Unicorn-9396.exe
2000	Unicorn-5312.exe
1564	Unicorn-53766.exe
2744	Unicorn-13288.exe
2536	Unicorn-29070.exe
1580	Unicorn-10687.exe
284	Unicorn-12733.exe
2204	Unicorn-37792.exe
440	Unicorn-48728.exe
1220	Unicorn-57658.exe
3028	Unicorn-35192.exe
1488	Unicorn-41322.exe
2748	Unicorn-24529.exe
3048	Unicorn-14762.exe
1500	Unicorn-44098.exe
3024	Unicorn-32635.exe
1432	Unicorn-1808.exe
2116	Unicorn-7938.exe
1496	Unicorn-38565.exe
2788	Unicorn-57502.exe
2200	Unicorn-11830.exe
2888	Unicorn-54901.exe
2080	Unicorn-57824.exe
1612	Unicorn-24083.exe
1880	Unicorn-57310.exe
2308	Unicorn-11638.exe
2800	Unicorn-62463.exe
2952	Unicorn-57367.exe
1536	Unicorn-57632.exe
2776	Unicorn-41296.exe
2484	Unicorn-60755.exe
2876	Unicorn-54103.exe
1364	Unicorn-38556.exe
1516	Unicorn-11813.exe
1040	Unicorn-43002.exe
1044	Unicorn-62603.exe
1976	Unicorn-58784.exe
2032	Unicorn-25157.exe
1688	Unicorn-30004.exe
2780	Unicorn-46895.exe
764	Unicorn-57305.exe
480	Unicorn-57305.exe
1188	Unicorn-37439.exe
1568	Unicorn-51175.exe
888	Unicorn-40512.exe
1360	Unicorn-15203.exe
1356	Unicorn-28887.exe
968	Unicorn-36501.exe
1848	Unicorn-37055.exe

Loads dropped DLL 64 IoCs

pid	Process
2792	28a4d74e8f849eedffe571abbc442c80N.exe
2792	28a4d74e8f849eedffe571abbc442c80N.exe
2912	Unicorn-14004.exe
2792	28a4d74e8f849eedffe571abbc442c80N.exe
2912	Unicorn-14004.exe
2792	28a4d74e8f849eedffe571abbc442c80N.exe
2280	Unicorn-9017.exe
2280	Unicorn-9017.exe
1884	Unicorn-50605.exe
1884	Unicorn-50605.exe
2912	Unicorn-14004.exe
2912	Unicorn-14004.exe
2792	28a4d74e8f849eedffe571abbc442c80N.exe
2792	28a4d74e8f849eedffe571abbc442c80N.exe
1648	Unicorn-40943.exe
1648	Unicorn-40943.exe
2280	Unicorn-9017.exe
2280	Unicorn-9017.exe
2644	Unicorn-63401.exe
2644	Unicorn-63401.exe
2196	Unicorn-36859.exe
2792	28a4d74e8f849eedffe571abbc442c80N.exe
2792	28a4d74e8f849eedffe571abbc442c80N.exe
2196	Unicorn-36859.exe
1884	Unicorn-50605.exe
2912	Unicorn-14004.exe
1884	Unicorn-50605.exe
2912	Unicorn-14004.exe
2660	Unicorn-32941.exe
2660	Unicorn-32941.exe
3036	Unicorn-16993.exe
3036	Unicorn-16993.exe
1648	Unicorn-40943.exe
1648	Unicorn-40943.exe
2480	Unicorn-76.exe
2480	Unicorn-76.exe
2644	Unicorn-63401.exe
2644	Unicorn-63401.exe
2752	Unicorn-58000.exe
2752	Unicorn-58000.exe
2280	Unicorn-9017.exe
2280	Unicorn-9017.exe
2556	Unicorn-56988.exe
2556	Unicorn-56988.exe
2792	28a4d74e8f849eedffe571abbc442c80N.exe
2196	Unicorn-36859.exe
2792	28a4d74e8f849eedffe571abbc442c80N.exe
2196	Unicorn-36859.exe
796	Unicorn-6059.exe
796	Unicorn-6059.exe
1884	Unicorn-50605.exe
1884	Unicorn-50605.exe
112	Unicorn-19794.exe
112	Unicorn-19794.exe
2912	Unicorn-14004.exe
2912	Unicorn-14004.exe
812	Unicorn-32038.exe
812	Unicorn-32038.exe
2660	Unicorn-32941.exe
2660	Unicorn-32941.exe
2220	Unicorn-9396.exe
2220	Unicorn-9396.exe
3036	Unicorn-16993.exe
2000	Unicorn-5312.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
1740	2536	WerFault.exe	47
2376	3028	WerFault.exe	53
2336	1744	WerFault.exe	109
6248	2820	WerFault.exe	160

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14982.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8044.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2792	28a4d74e8f849eedffe571abbc442c80N.exe
2912	Unicorn-14004.exe
2280	Unicorn-9017.exe
1884	Unicorn-50605.exe
1648	Unicorn-40943.exe
3036	Unicorn-16993.exe
2196	Unicorn-36859.exe
2644	Unicorn-63401.exe
2660	Unicorn-32941.exe
2752	Unicorn-58000.exe
2512	Unicorn-57253.exe
2480	Unicorn-76.exe
796	Unicorn-6059.exe
112	Unicorn-19794.exe
2556	Unicorn-56988.exe
812	Unicorn-32038.exe
2220	Unicorn-9396.exe
2000	Unicorn-5312.exe
1564	Unicorn-53766.exe
2744	Unicorn-13288.exe
2536	Unicorn-29070.exe
1580	Unicorn-10687.exe
284	Unicorn-12733.exe
2204	Unicorn-37792.exe
440	Unicorn-48728.exe
1220	Unicorn-57658.exe
3028	Unicorn-35192.exe
1488	Unicorn-41322.exe
2748	Unicorn-24529.exe
3048	Unicorn-14762.exe
1500	Unicorn-44098.exe
3024	Unicorn-32635.exe
1432	Unicorn-1808.exe
2116	Unicorn-7938.exe
1496	Unicorn-38565.exe
2200	Unicorn-11830.exe
2788	Unicorn-57502.exe
2080	Unicorn-57824.exe
2888	Unicorn-54901.exe
1612	Unicorn-24083.exe
1880	Unicorn-57310.exe
2308	Unicorn-11638.exe
2800	Unicorn-62463.exe
2952	Unicorn-57367.exe
1536	Unicorn-57632.exe
2776	Unicorn-41296.exe
2484	Unicorn-60755.exe
2876	Unicorn-54103.exe
1364	Unicorn-38556.exe
1040	Unicorn-43002.exe
1516	Unicorn-11813.exe
1044	Unicorn-62603.exe
1976	Unicorn-58784.exe
1688	Unicorn-30004.exe
2032	Unicorn-25157.exe
2780	Unicorn-46895.exe
764	Unicorn-57305.exe
1188	Unicorn-37439.exe
1568	Unicorn-51175.exe
480	Unicorn-57305.exe
888	Unicorn-40512.exe
1360	Unicorn-15203.exe
1356	Unicorn-28887.exe
968	Unicorn-36501.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2912	2792	28a4d74e8f849eedffe571abbc442c80N.exe	28
PID 2792 wrote to memory of 2912	2792	28a4d74e8f849eedffe571abbc442c80N.exe	28
PID 2792 wrote to memory of 2912	2792	28a4d74e8f849eedffe571abbc442c80N.exe	28
PID 2792 wrote to memory of 2912	2792	28a4d74e8f849eedffe571abbc442c80N.exe	28
PID 2912 wrote to memory of 2280	2912	Unicorn-14004.exe	29
PID 2912 wrote to memory of 2280	2912	Unicorn-14004.exe	29
PID 2912 wrote to memory of 2280	2912	Unicorn-14004.exe	29
PID 2912 wrote to memory of 2280	2912	Unicorn-14004.exe	29
PID 2792 wrote to memory of 1884	2792	28a4d74e8f849eedffe571abbc442c80N.exe	30
PID 2792 wrote to memory of 1884	2792	28a4d74e8f849eedffe571abbc442c80N.exe	30
PID 2792 wrote to memory of 1884	2792	28a4d74e8f849eedffe571abbc442c80N.exe	30
PID 2792 wrote to memory of 1884	2792	28a4d74e8f849eedffe571abbc442c80N.exe	30
PID 2280 wrote to memory of 1648	2280	Unicorn-9017.exe	31
PID 2280 wrote to memory of 1648	2280	Unicorn-9017.exe	31
PID 2280 wrote to memory of 1648	2280	Unicorn-9017.exe	31
PID 2280 wrote to memory of 1648	2280	Unicorn-9017.exe	31
PID 1884 wrote to memory of 2196	1884	Unicorn-50605.exe	32
PID 1884 wrote to memory of 2196	1884	Unicorn-50605.exe	32
PID 1884 wrote to memory of 2196	1884	Unicorn-50605.exe	32
PID 1884 wrote to memory of 2196	1884	Unicorn-50605.exe	32
PID 2912 wrote to memory of 3036	2912	Unicorn-14004.exe	33
PID 2912 wrote to memory of 3036	2912	Unicorn-14004.exe	33
PID 2912 wrote to memory of 3036	2912	Unicorn-14004.exe	33
PID 2912 wrote to memory of 3036	2912	Unicorn-14004.exe	33
PID 2792 wrote to memory of 2644	2792	28a4d74e8f849eedffe571abbc442c80N.exe	34
PID 2792 wrote to memory of 2644	2792	28a4d74e8f849eedffe571abbc442c80N.exe	34
PID 2792 wrote to memory of 2644	2792	28a4d74e8f849eedffe571abbc442c80N.exe	34
PID 2792 wrote to memory of 2644	2792	28a4d74e8f849eedffe571abbc442c80N.exe	34
PID 1648 wrote to memory of 2660	1648	Unicorn-40943.exe	35
PID 1648 wrote to memory of 2660	1648	Unicorn-40943.exe	35
PID 1648 wrote to memory of 2660	1648	Unicorn-40943.exe	35
PID 1648 wrote to memory of 2660	1648	Unicorn-40943.exe	35
PID 2280 wrote to memory of 2752	2280	Unicorn-9017.exe	36
PID 2280 wrote to memory of 2752	2280	Unicorn-9017.exe	36
PID 2280 wrote to memory of 2752	2280	Unicorn-9017.exe	36
PID 2280 wrote to memory of 2752	2280	Unicorn-9017.exe	36
PID 2644 wrote to memory of 2480	2644	Unicorn-63401.exe	37
PID 2644 wrote to memory of 2480	2644	Unicorn-63401.exe	37
PID 2644 wrote to memory of 2480	2644	Unicorn-63401.exe	37
PID 2644 wrote to memory of 2480	2644	Unicorn-63401.exe	37
PID 2792 wrote to memory of 2556	2792	28a4d74e8f849eedffe571abbc442c80N.exe	39
PID 2792 wrote to memory of 2556	2792	28a4d74e8f849eedffe571abbc442c80N.exe	39
PID 2792 wrote to memory of 2556	2792	28a4d74e8f849eedffe571abbc442c80N.exe	39
PID 2792 wrote to memory of 2556	2792	28a4d74e8f849eedffe571abbc442c80N.exe	39
PID 2196 wrote to memory of 2512	2196	Unicorn-36859.exe	38
PID 2196 wrote to memory of 2512	2196	Unicorn-36859.exe	38
PID 2196 wrote to memory of 2512	2196	Unicorn-36859.exe	38
PID 2196 wrote to memory of 2512	2196	Unicorn-36859.exe	38
PID 1884 wrote to memory of 796	1884	Unicorn-50605.exe	40
PID 1884 wrote to memory of 796	1884	Unicorn-50605.exe	40
PID 1884 wrote to memory of 796	1884	Unicorn-50605.exe	40
PID 1884 wrote to memory of 796	1884	Unicorn-50605.exe	40
PID 2912 wrote to memory of 112	2912	Unicorn-14004.exe	41
PID 2912 wrote to memory of 112	2912	Unicorn-14004.exe	41
PID 2912 wrote to memory of 112	2912	Unicorn-14004.exe	41
PID 2912 wrote to memory of 112	2912	Unicorn-14004.exe	41
PID 2660 wrote to memory of 812	2660	Unicorn-32941.exe	42
PID 2660 wrote to memory of 812	2660	Unicorn-32941.exe	42
PID 2660 wrote to memory of 812	2660	Unicorn-32941.exe	42
PID 2660 wrote to memory of 812	2660	Unicorn-32941.exe	42
PID 3036 wrote to memory of 2220	3036	Unicorn-16993.exe	43
PID 3036 wrote to memory of 2220	3036	Unicorn-16993.exe	43
PID 3036 wrote to memory of 2220	3036	Unicorn-16993.exe	43
PID 3036 wrote to memory of 2220	3036	Unicorn-16993.exe	43

C:\Users\Admin\AppData\Local\Temp\28a4d74e8f849eedffe571abbc442c80N.exe
"C:\Users\Admin\AppData\Local\Temp\28a4d74e8f849eedffe571abbc442c80N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9017.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32038.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14762.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57305.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34052.exe
        10⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        9⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
        9⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        9⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
        8⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
        9⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
        9⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12445.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29250.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15790.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe
        8⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        9⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        9⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        9⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27903.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        8⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
        8⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64312.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59093.exe
        8⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62420.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
        8⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        8⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28943.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        7⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        7⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48657.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1755.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
        9⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
        9⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        9⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        8⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        8⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        8⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        8⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60970.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        7⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
        7⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
        8⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
        8⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13411.exe
        7⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28049.exe
        7⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        7⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54007.exe
        6⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14240.exe
        7⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
        7⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        7⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8044.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
        6⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
        6⤵
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56960.exe
        6⤵
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15203.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        9⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
        9⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
        9⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
        9⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        8⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
        8⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28812.exe
        7⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5735.exe
        8⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15651.exe
        8⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        7⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        7⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28887.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1755.exe
        7⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        7⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        7⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60970.exe
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37449.exe
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45895.exe
        7⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        7⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61838.exe
        6⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12182.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        6⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
        6⤵
        
        PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38565.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12572.exe
        6⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9866.exe
        7⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-650.exe
        9⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
        9⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
        9⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14993.exe
        9⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        8⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        8⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        8⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        7⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        8⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
        8⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        8⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
        7⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27857.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        7⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
        7⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        7⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        7⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27903.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        6⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28042.exe
        6⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        6⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
        5⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
        6⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        7⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
        6⤵
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
        6⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        6⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39613.exe
        5⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
        6⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        6⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6828.exe
        6⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        5⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        5⤵
        
        PID:6392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29070.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 224
        6⤵
        Program crash
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43002.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        6⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
        7⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
        7⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
        7⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37418.exe
        6⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        6⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14205.exe
        6⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
        5⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        6⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        6⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8044.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37949.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        5⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36156.exe
        5⤵
        
        PID:8100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54080.exe
        6⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41076.exe
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44303.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        7⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55009.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
        6⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
        6⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        6⤵
        
        PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        5⤵
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61894.exe
        6⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24579.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        5⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        5⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        5⤵
        
        PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57367.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
        5⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        6⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        6⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        6⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        6⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2108.exe
        6⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
        5⤵
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        5⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        5⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
        5⤵
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
        5⤵
        
        PID:8024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
      4⤵
      PID:1744
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        5⤵
        Program crash
        
        PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
      4⤵
      PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
      4⤵
      PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
      4⤵
      PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5990.exe
      4⤵
      PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
      4⤵
      PID:7448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe
        6⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
        7⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37641.exe
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        8⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
        7⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        7⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
        7⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47427.exe
        6⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        7⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        7⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
        6⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        6⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
        6⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        6⤵
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
        5⤵
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58164.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8258.exe
        7⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17510.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
        6⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
        6⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2902.exe
        6⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35506.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 220
        6⤵
        Program crash
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13156.exe
        5⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        5⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        5⤵
        
        PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1808.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57305.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48543.exe
        6⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58382.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        7⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        7⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        7⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55009.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
        6⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
        6⤵
        
        PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
        5⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4127.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        6⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5735.exe
        6⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
        6⤵
        
        PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        5⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        5⤵
        
        PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        5⤵
        
        PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
        5⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
        6⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17924.exe
        6⤵
        
        PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
        5⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        5⤵
        
        PID:7544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe
      4⤵
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27911.exe
        5⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1595.exe
        5⤵
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
        5⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        5⤵
        
        PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
      4⤵
      PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4166.exe
      4⤵
      PID:1404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30494.exe
      4⤵
      PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe
      4⤵
      PID:7608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9866.exe
        6⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        7⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
        7⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
        6⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35356.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exe
        6⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        6⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
        5⤵
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31268.exe
        6⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56881.exe
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
        7⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
        6⤵
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62420.exe
        6⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
        6⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        6⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46051.exe
        5⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64682.exe
        6⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        6⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39072.exe
        6⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21792.exe
        6⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32430.exe
        5⤵
        
        PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24579.exe
        5⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        5⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        5⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        5⤵
        
        PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54103.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
        5⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42404.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe
        7⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42237.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        6⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        6⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44760.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        5⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27857.exe
        5⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        5⤵
        
        PID:8040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
      4⤵
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26067.exe
        5⤵
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
        5⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        5⤵
        
        PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        5⤵
        
        PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
      4⤵
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        5⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15485.exe
        5⤵
        
        PID:7388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53173.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
      4⤵
      PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
      4⤵
      PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
      4⤵
      PID:7532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe
        5⤵
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        6⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        6⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        6⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27903.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20105.exe
        5⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        5⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        5⤵
        
        PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
      4⤵
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9337.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        5⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5735.exe
        5⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31988.exe
        5⤵
        
        PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
      4⤵
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
      4⤵
      PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
      4⤵
      PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
      4⤵
      PID:7192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
      4⤵
      PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58687.exe
      4⤵
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4127.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9819.exe
        5⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
        5⤵
        
        PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
      4⤵
      PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
      4⤵
      PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
      4⤵
      PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe
      4⤵
      PID:1632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51993.exe
    3⤵
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
      4⤵
      PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
      4⤵
      PID:324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
      4⤵
      PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
      4⤵
      PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
      4⤵
      PID:7644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
    3⤵
    PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
    3⤵
    PID:4120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10190.exe
    3⤵
    PID:5276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
    3⤵
    PID:7504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50605.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50605.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36859.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57502.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56078.exe
        6⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20443.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5958.exe
        7⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        7⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50930.exe
        6⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
        6⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        6⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        6⤵
        
        PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49948.exe
        5⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
        6⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        6⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        6⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        6⤵
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32555.exe
        5⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24303.exe
        5⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        5⤵
        
        PID:7212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37792.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38556.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45144.exe
        6⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exe
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8619.exe
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        7⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
        6⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62420.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
        6⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        6⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
        5⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29468.exe
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        6⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        6⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24579.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
        5⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        5⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        5⤵
        
        PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11813.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1755.exe
        5⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21513.exe
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17924.exe
        6⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
        5⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48662.exe
        5⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        5⤵
        
        PID:7936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
      4⤵
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33360.exe
        5⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        5⤵
        
        PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        5⤵
        
        PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53173.exe
      4⤵
      PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61184.exe
      4⤵
      PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
      4⤵
      PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46644.exe
      4⤵
      PID:7284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57658.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30004.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        7⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        7⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
        7⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43716.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        6⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
        6⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        6⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        5⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        6⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5735.exe
        6⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
        6⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30861.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11745.exe
        5⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        5⤵
        
        PID:6860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        5⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22399.exe
        6⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
        6⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14993.exe
        6⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23965.exe
        5⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        5⤵
        
        PID:8136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42714.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16287.exe
        5⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        5⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8044.exe
      4⤵
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
      4⤵
      PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
      4⤵
      PID:6348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
      4⤵
      PID:7492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3028
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
      4⤵
      Program crash
      PID:2376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62603.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9866.exe
      4⤵
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1755.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29468.exe
        6⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        6⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6828.exe
        6⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        5⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60722.exe
        5⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        5⤵
        
        PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14562.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        5⤵
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
        5⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        5⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53030.exe
        5⤵
        
        PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
      4⤵
      PID:6160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
      4⤵
      PID:7824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
    3⤵
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29431.exe
      4⤵
      PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
      4⤵
      PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10773.exe
      4⤵
      PID:7248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
    3⤵
    PID:3468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
    3⤵
    PID:4800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
    3⤵
    PID:6036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28543.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63401.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63401.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53766.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30287.exe
        6⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        7⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        7⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        7⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        7⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2491.exe
        6⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
        6⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
        6⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
        5⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20732.exe
        6⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
        6⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
        6⤵
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24579.exe
        5⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        5⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        5⤵
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
        5⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
        6⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        6⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
        6⤵
        
        PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24579.exe
        5⤵
        
        PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59495.exe
        5⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50494.exe
        5⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36156.exe
        5⤵
        
        PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
      4⤵
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42040.exe
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        5⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        5⤵
        
        PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        5⤵
        
        PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
      4⤵
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60442.exe
      4⤵
      PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7549.exe
      4⤵
      PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
      4⤵
      PID:6280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13288.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11830.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36501.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13239.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16287.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        7⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe
        7⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55009.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
        6⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11600.exe
        6⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        6⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58719.exe
        5⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62685.exe
        6⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62039.exe
        6⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23659.exe
        6⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3207.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
        5⤵
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15790.exe
        5⤵
        
        PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        5⤵
        
        PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
      4⤵
      Executes dropped EXE
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
        6⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        6⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        6⤵
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
        5⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
        5⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63022.exe
        5⤵
        
        PID:8028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52034.exe
      4⤵
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
        5⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48158.exe
        5⤵
        
        PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3780.exe
      4⤵
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
      4⤵
      PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
      4⤵
      PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
      4⤵
      PID:7224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48543.exe
      4⤵
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        5⤵
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40219.exe
        5⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        5⤵
        
        PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24223.exe
        5⤵
        
        PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
      4⤵
      PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
      4⤵
      PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
      4⤵
      PID:8156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48278.exe
    3⤵
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
      4⤵
      PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
      4⤵
      PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
      4⤵
      PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
      4⤵
      PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
      4⤵
      PID:8036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36421.exe
    3⤵
    PID:3572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56358.exe
    3⤵
    PID:4868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7549.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7549.exe
    3⤵
    PID:1532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41662.exe
    3⤵
    PID:1228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57824.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        5⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
        6⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
        7⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
        7⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        7⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55009.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
        6⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        6⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30322.exe
        5⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45414.exe
        6⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        6⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        6⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        6⤵
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
        5⤵
        
        PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        5⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46106.exe
        5⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        5⤵
        
        PID:7684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25763.exe
      4⤵
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
        5⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1595.exe
        6⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34741.exe
        6⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
        6⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
        5⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        5⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        5⤵
        
        PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61162.exe
      4⤵
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        5⤵
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        5⤵
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        5⤵
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9207.exe
        5⤵
        
        PID:7908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
      4⤵
      PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24579.exe
      4⤵
      PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
      4⤵
      PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
      4⤵
      PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57310.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
      4⤵
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13945.exe
        5⤵
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        5⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        5⤵
        
        PID:8052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28096.exe
      4⤵
      PID:680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
      4⤵
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
      4⤵
      PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
      4⤵
      PID:7792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26787.exe
    3⤵
    PID:1192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
      4⤵
      PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
      4⤵
      PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
      4⤵
      PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
      4⤵
      PID:7960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
    3⤵
    PID:3144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
    3⤵
    PID:4300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
    3⤵
    PID:5660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65336.exe
    3⤵
    PID:6676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
    3⤵
    PID:7740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57632.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32918.exe
      4⤵
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59462.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
        5⤵
        
        PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
        5⤵
        
        PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12310.exe
      4⤵
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
      4⤵
      PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
      4⤵
      PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
      4⤵
      PID:6264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
      4⤵
      PID:7952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
    3⤵
    PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
      4⤵
      PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
      4⤵
      PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
      4⤵
      PID:6956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
      4⤵
      PID:8124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
    3⤵
    PID:3556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe
    3⤵
    PID:5772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11322.exe
    3⤵
    PID:7092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63022.exe
    3⤵
    PID:8108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
    3⤵
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54293.exe
      4⤵
      PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31858.exe
      4⤵
      PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
      4⤵
      PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
      4⤵
      PID:7676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
    3⤵
    PID:3392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
    3⤵
    PID:4348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
    3⤵
    PID:6044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48662.exe
    3⤵
    PID:6432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
    3⤵
    PID:7572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
  2⤵
  PID:1304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
    3⤵
    PID:6092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17924.exe
    3⤵
    PID:7424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
  2⤵
  PID:3512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
  2⤵
  PID:4784
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50420.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50420.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5007.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5007.exe
  2⤵
  PID:7080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11813.exe

Filesize
468KB

MD5
16559a79cd0ee69d8183ed459a176afc

SHA1
31c1f02af4a88afa52b2cefd6696c8eb6706e6ba

SHA256
f4f1ccaa35076b035b5bf6aa8b2585e133cd3fc525e3bddf197dd401ff70e34a

SHA512
32204b9636ad393be0e0f4c8be64aed92c5e6342f6105b1dc6b6af7331d2037a685e941bb598a1df45df1e6fed48b07a693fb01e62c73f99d38f7cec597bfa66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe

Filesize
468KB

MD5
87fea151a3eed8821216eb9d9e9169ef

SHA1
4b5cbb9cba1617ee4a04d6fac9130eddc6538bca

SHA256
be0b79402018f93f7714c6c8cada78bf6737e229dfe8871c07d601f074cdb531

SHA512
ccc5ddf4928a5559152b85a31123ed637aea22ab7b4615a14106bd039000bcfb633c28ef4fa1c0c9e101e5084b650bbbd827ec86cc62120cb8b0835f2509d01b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe

Filesize
468KB

MD5
3bcebe60bf81a6058dd0c76ffa70cd8f

SHA1
6ffb5d93567f750ac511c7fdc5d85c4be9f70ebf

SHA256
828a8e11c05cd3bb4d0be7651d440aa3f3f2a564b79a974b125b8bc24d9c8b20

SHA512
e5ea9dffefe9e3dddc756ea1bc033a1da0a96ca1283b9d3a6741a5458cc01d1c5aaaf3689c8bc10c553de3fc43333ad408e23cb45672f46f5f49459c591f2874

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36859.exe

Filesize
468KB

MD5
a475079ad8ba4ab9d63fb7bb783ed2e3

SHA1
5cf5310f006b6b5877b9f11c196ee7bae11894fe

SHA256
b12816cf8201b92702a592c4f5513059924e0a82a04685e243c01384d3f404f6

SHA512
1f8bf8aaf771dd553fc44afca9c42d26eca80342ea8ee33563c0a9eb26495ac3b7311ad4a62e04bdf0fd2c81619d4a4ed77e2fd4e125f21f097160fbd7a17522

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe

Filesize
468KB

MD5
cd928544a1aa88e022db44831d22144b

SHA1
52577139378857c41b123a47581f490ad7fa63ef

SHA256
3adcc676a6e49d99730f3d7f7bbf768fd32dfed2a8a4841b6a49892aef7e2695

SHA512
311d12d5ff5edffb1df06012f9be392bf74b97bf14ce6d6cf3e35b078a0b24869196251023f34c33ab559e11c84ae80e30ef8625bcdbac240d458b0147968557

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe

Filesize
468KB

MD5
a8b9e9de504246c65530642f75925d95

SHA1
55cd5464be4c48adebc691574e71600e87cf355d

SHA256
319a6f43bc28763982b105074b314449cc609eaa298d9bf58efb864c490afece

SHA512
1c3890b65daab3595a5d0e32c0fa0f15d68833687acb87541e2e35959ef4f575c4095e28c726398fe22aa2c6e5a8f9927c3f104dd9b5aa2b26493a866d73db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60722.exe

Filesize
468KB

MD5
df3c78361aef7e368969479604658bbf

SHA1
27ecfb39fc52dc2bc2caf3e002224d09948a7ae2

SHA256
2533ec9618b932b0524478edacc99a248a6830da00c4db42084592a6ecffd3a5

SHA512
200ee52cd86b55ce3826e89f87b93978b10a95bd8afc0ee87ec1af2d3c700d34ad637242bd362dd1fe7cca9223155f8272d04e5c7742115b94190383a22eaf2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe

Filesize
468KB

MD5
f643495e286d7607880da88665a499f3

SHA1
f65e5bb816ba9148ea6bc54d1ee8931ab61f2450

SHA256
d48c14cfed14e18c13944bbb4115a5174989db8ac8d76a2922842a519308dbbe

SHA512
cab48c0ecf3bb675508c76f9e0ad017e85d3e53b90882dfaf85218a7da5576c23bb95063dd1009d26090508d215873aebeb9890810abea82c3e06356e8cfdddb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe

Filesize
468KB

MD5
594861cc565a391a2a20f806ae3dc49c

SHA1
406ba53524c0e61f3e21e260cabfbb984865bfc2

SHA256
ccd1f806f82b98a630bbd7aab81ce20590554a0ae32223747b08698c86500128

SHA512
9e1c6b245a584f221a4a1338820471722d640a14387779cfd53bcab092f1be06ff4414800ad02e6d08f198d21de695f36d4efefb88d50c548ba1bc024024e3e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32038.exe

Filesize
468KB

MD5
dcee92e108f650a94331378aaf340a39

SHA1
afe39055c94b130ce31cf23117c05ace14af15d8

SHA256
f188c23968ab314cc671f79312cc5a7cbe4d24a137be884af1bb2fa8ffd75820

SHA512
e0754403a176693bd4cf9212a48f2c7fbec18c6ef7ca2f3ca429775f52fe563d2fc60797cebfbf3f52e843df92f0d0dafa0810eeb3b94a47f423c9199eb9ceb0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe

Filesize
468KB

MD5
efff028f536508e86c20b131d6cf9c6a

SHA1
c8255fd03a74b7c86e422559fc3dbbd31393eae6

SHA256
1433cc44b9b9c1cc37997a5b0fa64756f5ac045484f2f7ac00a26d420bbe1d9d

SHA512
54f0c2f0807ffed1b739c846a4f76818b324365620a988459f2a36813dce9261fad7a35a2b64042371f2f6353e0adc8c54c58dfc249dd2a19eaf09c5499e824f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe

Filesize
468KB

MD5
e57ccbb93482733f7c16e949e38333b9

SHA1
a6f80cbb342a5b478b538aa118c54d1121310e14

SHA256
cc0d8ab6aaf842f04a00a8463d2832d79a6bb027c3dcb9c2c94e83c64e6a9c79

SHA512
c6c96916159fcb82c6d9e5683a514acdc398742cabfd60c621e7ec7b034c7c02739d0f666f0c23ccbcddb6f8bb52fa5a9202c38ffea60b41007fb343631990c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50605.exe

Filesize
468KB

MD5
be17140d1bfda52b866ab1147d4a203f

SHA1
4303bc7ae4ca26b61b16afe398d0e4d9b18e8983

SHA256
0844e10e76826b168158c00feb41ca3afc4fd0b269bba41bdbef280eb1f09189

SHA512
9a4336441a49255e862afb7f881054fac638735eaf189d491174f7bf0b61e70c9c7a326422b5c268dfc2d6a99dc6c56d0df43da185b0158b1e45a3e237c7363a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe

Filesize
468KB

MD5
d3e924e40916e915762c8c2e0a8ad155

SHA1
2d2cb7d114e70ed624c456f7f3ecad06fbd75d8d

SHA256
60e9175fc4098e594efcd280e411956dc7613a2a92d909891eefbccd2cbf14ee

SHA512
7cd2612d6554ea30cb40626bda97d2191ee19f33072038f242e144d0dded24c020b9b46cb80de45a5ca1b406abda6967c85d0352c3acbda3961c6df4b79f0f6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53766.exe

Filesize
468KB

MD5
da989cbd2c5cbdd4f456a3d1e4c234d7

SHA1
431b25fd6f3ffe054865567326a21920f7019e09

SHA256
e62fb7da16aab2b61b079161627ae618dc761e881afa051337431be5e963f66b

SHA512
2456a13f6e237af42f9713819de407827dff58823b3466f08725aafd46d2e40b7df368c3e7d504e6a62e36b725251c2131d1bcf155ac4aa76b87c11e1ef79b2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe

Filesize
468KB

MD5
2be31552db14eab9a2a38a5853601359

SHA1
f334ece7c25c5e71a4835615bb630c10c42bdb8b

SHA256
f3873cf6d8be23d0ac090279743c1cd8c9f0f35a6fd800b4f7f6fbb6e0cb4b68

SHA512
54629bd25543926cca28c148de18a1883a0b54fe9607d787576ca6f95b5ff122078ce5f70a7f5094b1f2a774d5afb4890850abd6ac1a0807005cea8d3a293730

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe

Filesize
468KB

MD5
c797de44bb2c88c52753a859d4963b10

SHA1
0805c175e683fe856028e6a3717e8643c125b3f6

SHA256
f0cce8e6c7c92085b8722f6fb5b0cb16b87ebef29a469e5b295787bd6b30b92d

SHA512
62e46f38fd73b0da7e0bd1d2f614c3b038ba1d8fc1ca4d2ca988b44af8866810ce6c2bc2cc2da04e6f8ff12afa2f4c4cbf5be1457bdbf883a850b3057561673e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe

Filesize
468KB

MD5
6975488177be246ae420749b7f2d9676

SHA1
f808971b51195c891acca7e26ddf5802951f2f22

SHA256
2e6b78c782ca771a5c60cea3127c2ec789ca39516336f334269322965020362c

SHA512
65c5f2b76546b8f0f6697bb5b33aa7d40ccee68dbf3a2cefb889b3e5918f956ff08d8ded7bc1ca76716521786161ab6e2a3a2d04226a67ae66c662a2dae9871b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63401.exe

Filesize
468KB

MD5
1d6d6463a1ee839a7b23915eb84ec0d5

SHA1
9845301f857585ae7dfdbb6ff6f19b64b0f2cd34

SHA256
ba4a57c3bb57d900572ad85b3ba55618359fdd7123bffdd5f881368072267ecb

SHA512
5f9b05d6e472f239286a44ba13788ccec185f309e6f351412e3004db73e99fc0c5579b41546393c0d2bb756a5d269483001d1e9c3638fb34a86b003d59f996fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-76.exe

Filesize
468KB

MD5
7f67ed01d5cf26b905a023e359e6f7ee

SHA1
0a8db81608a00154887252eb49c075b8f948e42a

SHA256
68d37988ed3e4b0cab882fcbac7ba7f54942a34b7ea7cf33f36f1ba9d1609318

SHA512
16b4981627e29dc03747f00ee68c5b261ae848d59d5065e0aebb4168c5fcd133e99653d936d451f9f7274cd2c5bc84691b7da15f6538a550d589d15ed559dd3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9017.exe

Filesize
468KB

MD5
ab283c9ee55fa9c9fdeaaef5ab4401a0

SHA1
ba1a1b231ed0bf3d7d597e9a8b2893b823f686d6

SHA256
b7cbd8acb458e07e7b42eeeae6eaf6a0f5c80d93e9343ef23cc401c621aa1705

SHA512
6463a5099fae363e8c3c7150ebc9782d6641afb436fd424a2d52c15a40399a80b4bca7bac82b8fdddfada9fc0424a2a5b65d4b16c15ef3fd504498d4a53b69f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe

Filesize
468KB

MD5
9be8344b4f4fc5a64a4fb1fb12ad1143

SHA1
c1b4003a27809a4e3bf9a292265f678c2fae8b45

SHA256
56ffa57dfae107b2e0e2d689de5038263e539d4a118e1014ef1200861d6fe453

SHA512
bc5f8211c7d3ba3ca18cd701a5673edd7222f5c51ec8b961e49b943e1d6ef60552dd110ddd18792ad190dec9b6633304e83c2f6624f8fc92dbee6dcb7f3db977

Download Submit