ec394f3697216c2c711444d4220d3442bef63b02272c4ef034dd7a63b3f8523b

Analysis

max time kernel
116s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-09-2024 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae870ecc96eac49eb70a1cf1251ac020N.exe
Size

468KB
MD5

ae870ecc96eac49eb70a1cf1251ac020
SHA1

3fcb11334934eac2abab41a41a31bd3c92154906
SHA256

ec394f3697216c2c711444d4220d3442bef63b02272c4ef034dd7a63b3f8523b
SHA512

e1fa78d2d4f665503344d36f2403e05f968b563b0dce7b317ec9becad93cb3af76f6e3e45889235fc88cf68c3384696aefa67e01958acc72cc345706b0007f24
SSDEEP

3072:/bCBovIwU35/tbYUPgtL8fF/E5RwOIXXgmHo3rBaO0swrXRuT1lf:/bIoIJ/t/PML8f62kYO0ZrRuT

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2672	Unicorn-54893.exe
2652	Unicorn-46569.exe
2784	Unicorn-62350.exe
2772	Unicorn-8126.exe
2696	Unicorn-6080.exe
2540	Unicorn-12210.exe
2992	Unicorn-513.exe
2196	Unicorn-15583.exe
880	Unicorn-36366.exe
2824	Unicorn-8100.exe
2844	Unicorn-8847.exe
1660	Unicorn-28713.exe
2832	Unicorn-30750.exe
2972	Unicorn-36881.exe
1816	Unicorn-5095.exe
844	Unicorn-40446.exe
2148	Unicorn-65313.exe
2944	Unicorn-7389.exe
2172	Unicorn-23179.exe
1736	Unicorn-61790.exe
1936	Unicorn-41370.exe
108	Unicorn-1084.exe
2936	Unicorn-22987.exe
2384	Unicorn-29118.exe
980	Unicorn-33202.exe
1348	Unicorn-44500.exe
2464	Unicorn-45817.exe
2440	Unicorn-145.exe
2496	Unicorn-20492.exe
484	Unicorn-9060.exe
1700	Unicorn-39507.exe
2096	Unicorn-18192.exe
1652	Unicorn-24323.exe
1596	Unicorn-12070.exe
2724	Unicorn-57742.exe
2676	Unicorn-45490.exe
2780	Unicorn-3710.exe
2544	Unicorn-11613.exe
2568	Unicorn-36575.exe
2588	Unicorn-65526.exe
2516	Unicorn-19855.exe
1748	Unicorn-36937.exe
3012	Unicorn-31915.exe
2380	Unicorn-56611.exe
1516	Unicorn-50481.exe
1980	Unicorn-42496.exe
1440	Unicorn-32994.exe
568	Unicorn-21313.exe
1104	Unicorn-34328.exe
1100	Unicorn-37642.exe
1036	Unicorn-46388.exe
592	Unicorn-46388.exe
644	Unicorn-55303.exe
2236	Unicorn-54748.exe
2180	Unicorn-48618.exe
1144	Unicorn-60678.exe
1040	Unicorn-1271.exe
2340	Unicorn-46943.exe
1876	Unicorn-54919.exe
2432	Unicorn-5199.exe
776	Unicorn-5199.exe
1940	Unicorn-18934.exe
876	Unicorn-24800.exe
3032	Unicorn-5199.exe

Loads dropped DLL 64 IoCs

pid	Process
1600	ae870ecc96eac49eb70a1cf1251ac020N.exe
1600	ae870ecc96eac49eb70a1cf1251ac020N.exe
2672	Unicorn-54893.exe
1600	ae870ecc96eac49eb70a1cf1251ac020N.exe
1600	ae870ecc96eac49eb70a1cf1251ac020N.exe
2672	Unicorn-54893.exe
1600	ae870ecc96eac49eb70a1cf1251ac020N.exe
2652	Unicorn-46569.exe
1600	ae870ecc96eac49eb70a1cf1251ac020N.exe
2652	Unicorn-46569.exe
2784	Unicorn-62350.exe
2784	Unicorn-62350.exe
2672	Unicorn-54893.exe
2672	Unicorn-54893.exe
2772	Unicorn-8126.exe
2772	Unicorn-8126.exe
2652	Unicorn-46569.exe
2652	Unicorn-46569.exe
2540	Unicorn-12210.exe
2540	Unicorn-12210.exe
2784	Unicorn-62350.exe
2992	Unicorn-513.exe
2784	Unicorn-62350.exe
2992	Unicorn-513.exe
2672	Unicorn-54893.exe
2672	Unicorn-54893.exe
2696	Unicorn-6080.exe
2696	Unicorn-6080.exe
1600	ae870ecc96eac49eb70a1cf1251ac020N.exe
1600	ae870ecc96eac49eb70a1cf1251ac020N.exe
2196	Unicorn-15583.exe
2196	Unicorn-15583.exe
2772	Unicorn-8126.exe
2772	Unicorn-8126.exe
880	Unicorn-36366.exe
880	Unicorn-36366.exe
2652	Unicorn-46569.exe
2652	Unicorn-46569.exe
2972	Unicorn-36881.exe
2972	Unicorn-36881.exe
2844	Unicorn-8847.exe
2844	Unicorn-8847.exe
2696	Unicorn-6080.exe
2696	Unicorn-6080.exe
2784	Unicorn-62350.exe
1816	Unicorn-5095.exe
2784	Unicorn-62350.exe
1816	Unicorn-5095.exe
1660	Unicorn-28713.exe
1660	Unicorn-28713.exe
1600	ae870ecc96eac49eb70a1cf1251ac020N.exe
1600	ae870ecc96eac49eb70a1cf1251ac020N.exe
2992	Unicorn-513.exe
2992	Unicorn-513.exe
2824	Unicorn-8100.exe
2824	Unicorn-8100.exe
2672	Unicorn-54893.exe
2672	Unicorn-54893.exe
2540	Unicorn-12210.exe
2540	Unicorn-12210.exe
2148	Unicorn-65313.exe
2148	Unicorn-65313.exe
2772	Unicorn-8126.exe
844	Unicorn-40446.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2740	2384	WerFault.exe	53
2168	2708	WerFault.exe	113

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6787.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4892.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15979.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18934.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1600	ae870ecc96eac49eb70a1cf1251ac020N.exe
2672	Unicorn-54893.exe
2652	Unicorn-46569.exe
2784	Unicorn-62350.exe
2772	Unicorn-8126.exe
2540	Unicorn-12210.exe
2696	Unicorn-6080.exe
2992	Unicorn-513.exe
2196	Unicorn-15583.exe
880	Unicorn-36366.exe
2824	Unicorn-8100.exe
2844	Unicorn-8847.exe
2832	Unicorn-30750.exe
1660	Unicorn-28713.exe
2972	Unicorn-36881.exe
1816	Unicorn-5095.exe
844	Unicorn-40446.exe
2148	Unicorn-65313.exe
2944	Unicorn-7389.exe
2172	Unicorn-23179.exe
1736	Unicorn-61790.exe
1936	Unicorn-41370.exe
108	Unicorn-1084.exe
2384	Unicorn-29118.exe
2936	Unicorn-22987.exe
980	Unicorn-33202.exe
2464	Unicorn-45817.exe
2440	Unicorn-145.exe
1348	Unicorn-44500.exe
2496	Unicorn-20492.exe
484	Unicorn-9060.exe
1700	Unicorn-39507.exe
2096	Unicorn-18192.exe
1652	Unicorn-24323.exe
1596	Unicorn-12070.exe
2724	Unicorn-57742.exe
2676	Unicorn-45490.exe
2780	Unicorn-3710.exe
2544	Unicorn-11613.exe
2588	Unicorn-65526.exe
2568	Unicorn-36575.exe
2516	Unicorn-19855.exe
1748	Unicorn-36937.exe
3012	Unicorn-31915.exe
1516	Unicorn-50481.exe
2380	Unicorn-56611.exe
1980	Unicorn-42496.exe
1440	Unicorn-32994.exe
568	Unicorn-21313.exe
1104	Unicorn-34328.exe
1100	Unicorn-37642.exe
1036	Unicorn-46388.exe
592	Unicorn-46388.exe
644	Unicorn-55303.exe
2236	Unicorn-54748.exe
2180	Unicorn-48618.exe
2340	Unicorn-46943.exe
1040	Unicorn-1271.exe
1144	Unicorn-60678.exe
1876	Unicorn-54919.exe
3032	Unicorn-5199.exe
2432	Unicorn-5199.exe
2392	Unicorn-5199.exe
1940	Unicorn-18934.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 2672	1600	ae870ecc96eac49eb70a1cf1251ac020N.exe	30
PID 1600 wrote to memory of 2672	1600	ae870ecc96eac49eb70a1cf1251ac020N.exe	30
PID 1600 wrote to memory of 2672	1600	ae870ecc96eac49eb70a1cf1251ac020N.exe	30
PID 1600 wrote to memory of 2672	1600	ae870ecc96eac49eb70a1cf1251ac020N.exe	30
PID 1600 wrote to memory of 2652	1600	ae870ecc96eac49eb70a1cf1251ac020N.exe	32
PID 1600 wrote to memory of 2652	1600	ae870ecc96eac49eb70a1cf1251ac020N.exe	32
PID 1600 wrote to memory of 2652	1600	ae870ecc96eac49eb70a1cf1251ac020N.exe	32
PID 1600 wrote to memory of 2652	1600	ae870ecc96eac49eb70a1cf1251ac020N.exe	32
PID 2672 wrote to memory of 2784	2672	Unicorn-54893.exe	31
PID 2672 wrote to memory of 2784	2672	Unicorn-54893.exe	31
PID 2672 wrote to memory of 2784	2672	Unicorn-54893.exe	31
PID 2672 wrote to memory of 2784	2672	Unicorn-54893.exe	31
PID 1600 wrote to memory of 2696	1600	ae870ecc96eac49eb70a1cf1251ac020N.exe	33
PID 1600 wrote to memory of 2696	1600	ae870ecc96eac49eb70a1cf1251ac020N.exe	33
PID 1600 wrote to memory of 2696	1600	ae870ecc96eac49eb70a1cf1251ac020N.exe	33
PID 1600 wrote to memory of 2696	1600	ae870ecc96eac49eb70a1cf1251ac020N.exe	33
PID 2652 wrote to memory of 2772	2652	Unicorn-46569.exe	34
PID 2652 wrote to memory of 2772	2652	Unicorn-46569.exe	34
PID 2652 wrote to memory of 2772	2652	Unicorn-46569.exe	34
PID 2652 wrote to memory of 2772	2652	Unicorn-46569.exe	34
PID 2784 wrote to memory of 2540	2784	Unicorn-62350.exe	35
PID 2784 wrote to memory of 2540	2784	Unicorn-62350.exe	35
PID 2784 wrote to memory of 2540	2784	Unicorn-62350.exe	35
PID 2784 wrote to memory of 2540	2784	Unicorn-62350.exe	35
PID 2672 wrote to memory of 2992	2672	Unicorn-54893.exe	36
PID 2672 wrote to memory of 2992	2672	Unicorn-54893.exe	36
PID 2672 wrote to memory of 2992	2672	Unicorn-54893.exe	36
PID 2672 wrote to memory of 2992	2672	Unicorn-54893.exe	36
PID 2772 wrote to memory of 2196	2772	Unicorn-8126.exe	37
PID 2772 wrote to memory of 2196	2772	Unicorn-8126.exe	37
PID 2772 wrote to memory of 2196	2772	Unicorn-8126.exe	37
PID 2772 wrote to memory of 2196	2772	Unicorn-8126.exe	37
PID 2652 wrote to memory of 880	2652	Unicorn-46569.exe	38
PID 2652 wrote to memory of 880	2652	Unicorn-46569.exe	38
PID 2652 wrote to memory of 880	2652	Unicorn-46569.exe	38
PID 2652 wrote to memory of 880	2652	Unicorn-46569.exe	38
PID 2540 wrote to memory of 2824	2540	Unicorn-12210.exe	39
PID 2540 wrote to memory of 2824	2540	Unicorn-12210.exe	39
PID 2540 wrote to memory of 2824	2540	Unicorn-12210.exe	39
PID 2540 wrote to memory of 2824	2540	Unicorn-12210.exe	39
PID 2784 wrote to memory of 2844	2784	Unicorn-62350.exe	40
PID 2784 wrote to memory of 2844	2784	Unicorn-62350.exe	40
PID 2784 wrote to memory of 2844	2784	Unicorn-62350.exe	40
PID 2784 wrote to memory of 2844	2784	Unicorn-62350.exe	40
PID 2992 wrote to memory of 1660	2992	Unicorn-513.exe	41
PID 2992 wrote to memory of 1660	2992	Unicorn-513.exe	41
PID 2992 wrote to memory of 1660	2992	Unicorn-513.exe	41
PID 2992 wrote to memory of 1660	2992	Unicorn-513.exe	41
PID 2672 wrote to memory of 2832	2672	Unicorn-54893.exe	42
PID 2672 wrote to memory of 2832	2672	Unicorn-54893.exe	42
PID 2672 wrote to memory of 2832	2672	Unicorn-54893.exe	42
PID 2672 wrote to memory of 2832	2672	Unicorn-54893.exe	42
PID 2696 wrote to memory of 2972	2696	Unicorn-6080.exe	43
PID 2696 wrote to memory of 2972	2696	Unicorn-6080.exe	43
PID 2696 wrote to memory of 2972	2696	Unicorn-6080.exe	43
PID 2696 wrote to memory of 2972	2696	Unicorn-6080.exe	43
PID 1600 wrote to memory of 1816	1600	ae870ecc96eac49eb70a1cf1251ac020N.exe	44
PID 1600 wrote to memory of 1816	1600	ae870ecc96eac49eb70a1cf1251ac020N.exe	44
PID 1600 wrote to memory of 1816	1600	ae870ecc96eac49eb70a1cf1251ac020N.exe	44
PID 1600 wrote to memory of 1816	1600	ae870ecc96eac49eb70a1cf1251ac020N.exe	44
PID 2196 wrote to memory of 844	2196	Unicorn-15583.exe	45
PID 2196 wrote to memory of 844	2196	Unicorn-15583.exe	45
PID 2196 wrote to memory of 844	2196	Unicorn-15583.exe	45
PID 2196 wrote to memory of 844	2196	Unicorn-15583.exe	45

C:\Users\Admin\AppData\Local\Temp\ae870ecc96eac49eb70a1cf1251ac020N.exe
"C:\Users\Admin\AppData\Local\Temp\ae870ecc96eac49eb70a1cf1251ac020N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54893.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54893.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8100.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-145.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1271.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe
        8⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53521.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        9⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        9⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        9⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        9⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        8⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        8⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        8⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        8⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22508.exe
        8⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44124.exe
        7⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
        7⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
        7⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
        7⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        7⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        8⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        8⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        7⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        7⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45284.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46307.exe
        7⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19042.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24238.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        6⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        6⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        6⤵
        
        PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54748.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33158.exe
        7⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1881.exe
        8⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        8⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        8⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13619.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        7⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        7⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
        7⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe
        6⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
        7⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        7⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        7⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24736.exe
        6⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46927.exe
        6⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        6⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
        6⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60678.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
        6⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
        7⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27769.exe
        7⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55436.exe
        6⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
        6⤵
        
        PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
        5⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26089.exe
        6⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
        5⤵
        
        PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
        5⤵
        
        PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
        8⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        8⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        8⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        7⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        7⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
        6⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26324.exe
        7⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5135.exe
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
        7⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        6⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46927.exe
        6⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        6⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36937.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        6⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe
        7⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        6⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        6⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        6⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        5⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        6⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        6⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        6⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        6⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        6⤵
        
        PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56686.exe
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55096.exe
        5⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        5⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        5⤵
        
        PID:7620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
        6⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
        7⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        6⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        6⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        6⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47528.exe
        6⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        5⤵
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59836.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
        5⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        5⤵
        
        PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        5⤵
        
        PID:7728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        5⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        6⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        6⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
        5⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10454.exe
        5⤵
        
        PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
      4⤵
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24741.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16349.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
        5⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        5⤵
        
        PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
      4⤵
      PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4540.exe
      4⤵
      PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21842.exe
      4⤵
      PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
      4⤵
      PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
      4⤵
      PID:7860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-511.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        8⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46927.exe
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        8⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15295.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
        7⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36874.exe
        7⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        7⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
        6⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56672.exe
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        8⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        8⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
        7⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10902.exe
        7⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10454.exe
        7⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1008.exe
        7⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11641.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59836.exe
        6⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60440.exe
        6⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53325.exe
        6⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        6⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35450.exe
        7⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
        7⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61288.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
        6⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        6⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        6⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
        6⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55499.exe
        5⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        6⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37185.exe
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        7⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35450.exe
        7⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        7⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
        6⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46927.exe
        6⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        6⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
        6⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34896.exe
        5⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        6⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        6⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        6⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        6⤵
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
        5⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        5⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
        5⤵
        
        PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
        5⤵
        
        PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31915.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        6⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe
        7⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64772.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        7⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        6⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16349.exe
        6⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
        6⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10454.exe
        6⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1881.exe
        6⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2125.exe
        6⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        6⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        6⤵
        
        PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
        5⤵
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14717.exe
        5⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50481.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        5⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53521.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        6⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        6⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        6⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
        5⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10454.exe
        5⤵
        
        PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
      4⤵
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
        5⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        5⤵
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        5⤵
        
        PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
      4⤵
      PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
      4⤵
      PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
      4⤵
      PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
      4⤵
      PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
      4⤵
      PID:7484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
      4⤵
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14356.exe
        5⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        6⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        6⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        6⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        5⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        5⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        5⤵
        
        PID:7596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22067.exe
      4⤵
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        5⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
        5⤵
        
        PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55370.exe
      4⤵
      PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20591.exe
      4⤵
      PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
      4⤵
      PID:6564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20492.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5036.exe
        5⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16494.exe
        6⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
        6⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        5⤵
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6434.exe
        5⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        5⤵
        
        PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
      4⤵
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
        5⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
        5⤵
        
        PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
      4⤵
      PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
      4⤵
      PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
      4⤵
      PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
      4⤵
      PID:6864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
      4⤵
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        5⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3473.exe
        5⤵
        
        PID:7188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
      4⤵
      PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
      4⤵
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
      4⤵
      PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
      4⤵
      PID:7896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58429.exe
    3⤵
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
      4⤵
      PID:5832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
      4⤵
      PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
      4⤵
      PID:7820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
    3⤵
    PID:3212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
    3⤵
    PID:4796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20591.exe
    3⤵
    PID:5440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
    3⤵
    PID:6568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15583.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40446.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24323.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
        8⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
        8⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        8⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        7⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17259.exe
        6⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        7⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2747.exe
        7⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        7⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5149.exe
        6⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
        7⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
        7⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
        7⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        6⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        6⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        6⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11279.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        8⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        8⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        8⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        8⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31088.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        7⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5149.exe
        6⤵
        
        PID:616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        6⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37158.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        6⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
        6⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55389.exe
        6⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46614.exe
        6⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        6⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        6⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        6⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
        5⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63779.exe
        6⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19479.exe
        5⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56686.exe
        5⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55096.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        5⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        5⤵
        
        PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39507.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56869.exe
        6⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
        6⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
        6⤵
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43246.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7362.exe
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34235.exe
        7⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        6⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        6⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        6⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        6⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        6⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45476.exe
        5⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
        6⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2011.exe
        6⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        6⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        6⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        6⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29951.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        5⤵
        
        PID:6160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        5⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1881.exe
        6⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        6⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        6⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        6⤵
        
        PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15979.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        5⤵
        
        PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        5⤵
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37907.exe
        5⤵
        
        PID:7544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
      4⤵
      Executes dropped EXE
      PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
        5⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
        6⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48714.exe
        6⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
        6⤵
        
        PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        5⤵
        
        PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        5⤵
        
        PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1342.exe
      4⤵
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53909.exe
        5⤵
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
        5⤵
        
        PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2944.exe
      4⤵
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
      4⤵
      PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50970.exe
      4⤵
      PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
      4⤵
      PID:6908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7389.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12070.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-157.exe
        7⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        7⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        6⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        6⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
        6⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        6⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        6⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
        5⤵
        
        PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37948.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
        5⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33319.exe
        5⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        5⤵
        
        PID:7676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45490.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25065.exe
        5⤵
        
        PID:712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15295.exe
        5⤵
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        6⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        6⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
        6⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        5⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
        5⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        5⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44434.exe
        5⤵
        
        PID:7220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11279.exe
        5⤵
        
        PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1383.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        5⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        5⤵
        
        PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        5⤵
        
        PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11014.exe
      4⤵
      PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
      4⤵
      PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
      4⤵
      PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
      4⤵
      PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
      4⤵
      PID:7356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        5⤵
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9219.exe
        6⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        6⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        6⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
        6⤵
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9722.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        5⤵
        
        PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        5⤵
        
        PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
      4⤵
      Executes dropped EXE
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        5⤵
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48434.exe
        6⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
        6⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        5⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        5⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        5⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        5⤵
        
        PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
      4⤵
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
        5⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
      4⤵
      PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe
      4⤵
      PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
      4⤵
      PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
      4⤵
      PID:6752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11613.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39249.exe
      4⤵
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11279.exe
        5⤵
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
        6⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        6⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
        5⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        5⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34952.exe
        5⤵
        
        PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        5⤵
        
        PID:7524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5149.exe
      4⤵
      PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
      4⤵
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
      4⤵
      PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
      4⤵
      PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
      4⤵
      PID:6580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32421.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
      4⤵
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41719.exe
        5⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
        5⤵
        
        PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
      4⤵
      PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe
      4⤵
      PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
      4⤵
      PID:7864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
    3⤵
    PID:2848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20009.exe
    3⤵
    PID:4008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
    3⤵
    PID:4384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28230.exe
    3⤵
    PID:5508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14208.exe
    3⤵
    PID:7120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
    3⤵
    PID:7508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36881.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61790.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        6⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48504.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
        7⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
        6⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
        6⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        6⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9219.exe
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        7⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        6⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
        6⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
        5⤵
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58517.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61366.exe
        6⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8234.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12491.exe
        5⤵
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        5⤵
        
        PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        5⤵
        
        PID:2708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 220
        6⤵
        Program crash
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15295.exe
        5⤵
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37948.exe
        5⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
        5⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6983.exe
        5⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        5⤵
        
        PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52985.exe
      4⤵
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        5⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39918.exe
        5⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
        5⤵
        
        PID:7292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42073.exe
      4⤵
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4892.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
      4⤵
      PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
      4⤵
      PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
      4⤵
      PID:7704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1084.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        5⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28410.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe
        6⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
        6⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
        5⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10454.exe
        5⤵
        
        PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
      4⤵
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
        5⤵
        
        PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3473.exe
        5⤵
        
        PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
      4⤵
      PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46927.exe
      4⤵
      PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
      4⤵
      PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
      4⤵
      PID:7972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48618.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
      4⤵
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49930.exe
        5⤵
        
        PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16349.exe
        5⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54566.exe
        5⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        5⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
        5⤵
        
        PID:7964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
      4⤵
      PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
      4⤵
      PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
      4⤵
      PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28237.exe
      4⤵
      PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26186.exe
      4⤵
      PID:7448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
    3⤵
    PID:316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
      4⤵
      PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43630.exe
      4⤵
      PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
      4⤵
      PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
      4⤵
      PID:7788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57236.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
    3⤵
    PID:3368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
    3⤵
    PID:5504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
    3⤵
    PID:6220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
    3⤵
    PID:7768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2384
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
      4⤵
      Program crash
      PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
      4⤵
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1912.exe
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15830.exe
        6⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46614.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        5⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
        5⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        5⤵
        
        PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42157.exe
        5⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9924.exe
        5⤵
        
        PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
      4⤵
      PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
      4⤵
      PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
      4⤵
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
      4⤵
      PID:6928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
    3⤵
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11279.exe
      4⤵
      PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
      4⤵
      PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
      4⤵
      PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
      4⤵
      PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
      4⤵
      PID:7652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11014.exe
    3⤵
    PID:1096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
    3⤵
    PID:4496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
    3⤵
    PID:5432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
    3⤵
    PID:6940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8609.exe
    3⤵
    PID:7756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
      4⤵
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        5⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        5⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        5⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        5⤵
        
        PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
      4⤵
      PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
      4⤵
      PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2618.exe
      4⤵
      PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
      4⤵
      PID:6800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17259.exe
    3⤵
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
      4⤵
      PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
      4⤵
      PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
      4⤵
      PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
      4⤵
      PID:6892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29030.exe
    3⤵
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
      4⤵
      PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64772.exe
      4⤵
      PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
      4⤵
      PID:6576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21413.exe
    3⤵
    PID:3780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
    3⤵
    PID:5176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
    3⤵
    PID:6312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16277.exe
    3⤵
    PID:8040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
    3⤵
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
      4⤵
      PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        5⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe
        5⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9924.exe
        5⤵
        
        PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
      4⤵
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
      4⤵
      PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
      4⤵
      PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
      4⤵
      PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
      4⤵
      PID:7404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38564.exe
    3⤵
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
      4⤵
      PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
      4⤵
      PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
      4⤵
      PID:6924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
    3⤵
    PID:3872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
    3⤵
    PID:4664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
    3⤵
    PID:5360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
    3⤵
    PID:6808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
  2⤵
  PID:2320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16324.exe
    3⤵
    PID:2228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
    3⤵
    PID:3244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
    3⤵
    PID:5036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
    3⤵
    PID:5788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48177.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48177.exe
  2⤵
  PID:4076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4096.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4096.exe
  2⤵
  PID:5136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
  2⤵
  PID:6196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34842.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34842.exe
  2⤵
  PID:7556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe

Filesize
468KB

MD5
9914877dd3c20435e1aba9018c08baf2

SHA1
7c3c8a314845bb1dbc852291363e99d5ba7b05d7

SHA256
bbf0ccc6509cd7164a2571d93ddcb2f45e15cd9030de16146c8a636179556016

SHA512
111a38d098702246b7a09c51f36ea73b62b7fbfb27d4b9a2b3eff00c816c91c2cbe6872adb391913d27a65dfe6fdba1d1302765abee9e7f8f578c091c75cece1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15583.exe

Filesize
468KB

MD5
ba4cc28dfc96e1f34988db2ace0fb3ca

SHA1
99567102b81e83911eb465d52adba2250c20c4e8

SHA256
217ed446b2a950f3e1d2226239fd5c64c85fe1964b69433c9b7101e716217711

SHA512
7fcd897d4d60b7c15a0a2e0ae47e5c3f0b479e4ed49cf24f1ea211b39cd14015c7d3a91381ef4c08b3945be2f5c0323c49fe7d395949f986778a2f8c209624ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56672.exe

Filesize
468KB

MD5
6f47c96f6def016d71fefed05b8bb80c

SHA1
c6c62cae4d412c03d4cc9ffd8b8f1a3c1f5f9812

SHA256
be25573f367b8124795d85ba36e3b5ae2c161effcf5c9384722043883f0ba51b

SHA512
34e22c6ea19fdec3cb309fab4c4164b1295f4cccef9366df89442b9945f94833343d73dca3fae40cd9b7b95cceb75f05959d0d1e91b341fad293c766cc3643e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7389.exe

Filesize
468KB

MD5
a05f79517bb33233123ab400300aee20

SHA1
796e5660797e418121ebaa699c35ad0f9e50e059

SHA256
7f475aee65735c18f1e3581800e194c6abf59f659b38ce99efffa2824fd045c0

SHA512
8e08ba5c878dac2defa4cd236e1e739e54fe4cacd87a9288d00f28ef1d2f749071c66a98cb0273db35951c6f0509059f96a06c422bb6853511052edb28656635

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe

Filesize
468KB

MD5
d3283cd9767c7a12b44cc18d23f441fd

SHA1
cf2b8df7f16b71a3e511b5152e995f9abb30dd36

SHA256
837b151197cb204ccf4f3e38604f7d835fac0cdb713327f78076acda0a0cc2a3

SHA512
c3ea768a45184cde4d368971af0378eef908a14eba684993e7b0db48e02cf7e6b00a1f653c8aa33293b104ced2f384f008d4e621a1cb17f5a8a6de7e75b074ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe

Filesize
468KB

MD5
28549315295520611d3975f8ffe21f4e

SHA1
736558d4bfdac6790dda36433b9a4612d7bcb958

SHA256
cd2d8af4f1426e4050502a6ab180dfc702f4e9f977529d9d0ff4e0a53843a3e3

SHA512
da8c8e4fa2d1c0622180033341b757caeedb6d0ceec0b0ecc1cfc19b7b2e1d2daf0cc1b2fef17dc247d26eb46ddbc7a5a74b2fc8c9641defc14ea23b90aef50b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe

Filesize
468KB

MD5
17a1cf6951eea35d74f6dc7ef977c159

SHA1
d4d1168cab13290cd633fa0bfd597393ea43912a

SHA256
9eed77f004c6971ffa177c6ad6b114078b1a1b2620d2236a4eacc89ceafdb09a

SHA512
3dbc3b036b30cf0111a0dd431e8b73238de3988918a2cab35381e3f101c676d83804a2bb021eec629ed6f43f9ce4026de899f74eeb31311c4697575efc49ed61

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe

Filesize
468KB

MD5
ca48a01aa08f5312472d75d3f78e710e

SHA1
45cc1963a1164712f0d06a82590397b5a324cabb

SHA256
e0269931f17a70c2227015ed82e3b565a2097942e982b38b27ac86e4c1b101fd

SHA512
0fe8f819217c53b54f519c412c3c9aff0c81f8dfda9e295e476b4a65ec9582355409dc27c3b6d48a99b739889c24acd239c45dd44cc34f50eee9ce4e2cda1dc5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe

Filesize
468KB

MD5
43b5ce5dbb6b1b9065cef7d4a27ad39b

SHA1
d69dc358ed922b7cdb7672df881cb376c36b914e

SHA256
79a06c695f2d5a8cc2681fe9bb4924caa4b9be1552f8f585f580053f1ae087a5

SHA512
e80fc15e73eb39916adf41a74d743a0b9e1db6fdb7309422fea852538a3ef7d22f6a7eb3a8710762fb7cdc2b540805caf98b42b7772350f2a13e10af68b8a8b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36881.exe

Filesize
468KB

MD5
b641a6d56ef29f72cf828571be403834

SHA1
438525f4f78daaec80ea35af81cc1848940a78b0

SHA256
13a6a150d1d12b769f0de187a6df5d10d42df75cadc0625ca10804641abfce88

SHA512
caef5b028a86caacda0f9414fec892d2fc81168b188d506f3c3bdf8f6a01e068bae8740c75b57144fdebda9bddb00eeecea4f809c6b0b74d311831ed1c37506e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40446.exe

Filesize
468KB

MD5
95ef49d88e7f5f04d3dedd1a6a8166ae

SHA1
ea92714830a71adac32ddbfe860d1d165d7aa728

SHA256
5faf06451a0cb4799e32f874a7c83a46ca0a356cc77ad3d0d6d7a1faf29e6266

SHA512
598b521fd06c268bc94104b0ae382d10c0e58c27dc1754833387a59b0ef2f7a34bca63bd64e7cf3f463a25cef87a272f8cb295c067550aaaf2582bbba7ffb832

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe

Filesize
468KB

MD5
ca2db9c2c21a224341bcdde06eee61d1

SHA1
f114cb3772d9dee0596693856aaccc9d892c2820

SHA256
b88a9953da2a9ef0791940ee8c85cab6615f1a9ed77ac03c144e842f7d32eaa4

SHA512
c51dafbea77a93af68d6d580228d53ddd3eafb62eb3f3fc53c190f6d1534e4d3935c2589ef6ca96c76bdf43a4bfa7df9f9c51a294253220dd29a080b7a2e97fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe

Filesize
468KB

MD5
5ab359d43aa00f2abc8dcff7e57b8241

SHA1
f0e6bb4d10d809fceee572a2120de42df9ac826b

SHA256
2dc35c5486adc08fa8bd38ce325dc63242dd67687f11733b76cddcc1c2908b10

SHA512
5ada6ab46c316d77400b8e4ef7cf24d2ea5c2b9eab63979f4952898a59189cccf44a88ced15de21efe510f4fcd0527a8e280fe584fc9fc80dae46c0fc07de1c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-513.exe

Filesize
468KB

MD5
df78e5a92e23df6fc6b2b26654d47d94

SHA1
acebcfb3862765ba5192870e3d5b3ff46c58e85d

SHA256
7d75f1f937a34e42d87e189597befdc47c90a968000d2e9e25a1db624b1500c3

SHA512
881abfac8b1deac562cc64509895da436b0ae62578267fee0360075a7dc2e34fbc61cdf3ea041b39f84b653ae870e31fc31b1aafc8ae38b0bb42b9234ef597f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54893.exe

Filesize
468KB

MD5
58cffbed8da2fd516ed79a2942be9e12

SHA1
0237f5a455d3a258a1e501f780573ebafea4b76f

SHA256
308ab32ab86bd59a20fb07cdc8db2654a0ce8e2a712b90985d8866a05efc5064

SHA512
16018cea32bd57087df19d790d3bd360244e19f8e8697aa8100b701e14e93d7f1f5a594eef8399043e85192ab1d64a96aa0115f8783bd7a836e41bfdeeb4c7be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe

Filesize
468KB

MD5
ef9b364b75c867f9f67350837e239d9c

SHA1
479f7f3ec2920e8e4faaf37875e9f2b5653860a5

SHA256
8aa7ef0766327123379ab691d85537bf325aaa95d0c08a17a6e3f748f6cb849c

SHA512
d79e3049ab9303ebdf62deb0bfcf2f6d222433ced7350e9cc9f45ff103dbb24d73f07a197b8f274e349b01b99e81d74d5ac4fc1e912a965e71cbbb57178d5d84

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe

Filesize
468KB

MD5
5afb267cd2ea45ae69d40423cd7d8a8f

SHA1
4f8f6687db6afa7b20484400948d7593623fe89e

SHA256
4d0239aad5be64ef76771762053e45f442aa39e679913bb327c24fd5947b0b59

SHA512
0a0be0c3f781049c0fee024d9850c1f62f5ce9b6c9809c7922863cce265f3f2f115f281ae083dce406fcd7d84687bf0b7b9977dc0c92a2928059a58f15401158

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe

Filesize
468KB

MD5
9b5fb7a83098a24dd6640a4693fb2dbd

SHA1
2a340aa824b667116c017617adc89af6be4c8153

SHA256
3fe0960838bc01c80483671c61bfd067a6c1defa931f1a49d6093294ebcb5007

SHA512
7e2a2a386afe3f4064504ee62a12c999a215faea7ce405e7cb4238026adb0d9c4d4e5f6c97449a8f25cf5629e6164decdcde61d0f072044c1a37602d48763e47

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8100.exe

Filesize
468KB

MD5
b239d1777e8feda6e80b8e7c03db1aa6

SHA1
bb704b67d12ded837898ecfe3ac2f4e8a788d4b3

SHA256
8d20cc92ef8dcd34be72615de4c8bc197ec619bcc8ad9dfafe966c18aa4c08b6

SHA512
eea6b7bad3b6de10370c7dc4a347f7a4704d406f7560cbf6a6949cf170bf460acf05d6303577efd1d6759b6c02a435c43031de80de9a12da0f3351e5b301ddb9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe

Filesize
468KB

MD5
2ac7ceb553ee5884f100d35ac36a1e31

SHA1
1c0da79fa63937f9beb481f859955d94f79d9bbe

SHA256
b1dfd5027ab712189c143cfce1d73671b358327dbd97e227e344a9833024998e

SHA512
88b26307c1eee9399bf28768a229c38ac89091bbecff86318ed98ebd26e142e4bce8804081081a41dfa207b62d8d493fb8c747a5614f05bd85866af725cbc114

Download Submit